Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1770)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1770 advisory. Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from...

GitLab 17.1 < 18.10.7 / 18.11 < 18.11.4 / 19.0 < 19.0.1 (CVE-2026-1402)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Allocation of Resources Without Limits or Throttling in GitLab CVE-2026-1402 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version numbe...

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2026-1720)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1720 advisory. An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to...

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVE-2025-3922

GitLab CVE-2025-3922 affects GitLab CE/EE versions 12.4 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1. The issue arises from insufficient resource allocation limits in the GraphQL API, allowing an authenticated user to cause denial of service by overwhelming system resources under...

Security Update for Microsoft .NET Core (March 2026)

The version of tested product installed on the remote host is 8.x prior to 8.0.25, 9.x prior to 9.0.14, or 10.x prior to 10.0.4. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory: - Out-of-bounds read in .NET allows an unauthorized attacker to deny servic...

Security Bulletin: IBM webMethods BPM is affected by multiple vulnerabilities

Summary Vulnerabilities due to Apache tomcat have been addressed in IBM webMethods BPM. Vulnerability Details CVEID:CVE-2025-52520 DESCRIPTION: For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits...

QNAP File Station 5 Unlimited or Unthrottled Resource Allocation Vulnerability (CNVD-2025-30284)

QNAP File Station 5 is a core file management application developed by Qualcomm Technologies QNAP for its networked storage NAS devices. QNAP File Station 5 suffers from an Unlimited Resource Allocation or Throttling vulnerability, which can be exploited by an attacker to prevent other systems,...

QNAP Systems File Station 5 安全漏洞

QNAP File Station 5 is a core file management application developed by Qualcomm Technologies QNAP for its networked storage NAS devices. QNAP File Station 5 suffers from an Unlimited Resource Allocation or Throttling vulnerability, which can be exploited by an attacker to prevent other systems,...

QNAP Systems File Station 5 安全漏洞

QNAP File Station 5 is a core file management application developed by Qualcomm Technologies QNAP for its networked storage NAS devices. QNAP File Station 5 suffers from an Unlimited Resource Allocation or Throttling vulnerability that can be exploited by an attacker to cause resource access to b...

GitLab 18.1 < 18.2.7 / 18.3 < 18.3.3 / 18.4 < 18.4.1 (CVE-2025-10867)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Allocation of Resources Without Limits or Throttling in GitLab CVE-2025-10867 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

CVE-2025-30260

CVE-2025-30260 affects QNAP Qsync Central. The issue is an allocation of resources without limits or throttling in Qsync Central that can, if an attacker obtains a user account, prevent other systems, applications, or processes from accessing the same resources. Public details indicate the vulner...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application unresponsiveness by supplying malicious PNG image data or URLs. Details Denial of...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling wh...

Elasticsearch allocation of resources without limits or throttling leads to crash

An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function...

CVE-2023-2666 Allocation of Resources Without Limits or Throttling in froxlor/froxlor

Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16...

PT-2023-18680 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.1 Discourse version 3.1.0.beta2 and earlier Description: Discourse is an open source platform for community discussion. The issue is related to Allocation of Resources Without Limits or Throttling, where a...