Lucene search
+L

235 matches found

OSV
OSV
added 2026/03/31 11:41 p.m.12 views

GHSA-H45M-MGCP-Q388 openssl-encrypt: TOTP rate limiter is in-memory only — not shared across workers, lost on restart

Severity: HIGH Summary The TOTP brute-force rate limiter in opensslencryptserver/modules/pepper/totp.py at lines 47-98 uses an in-memory defaultdictlist as a class variable. Affected Code python class TOTPRateLimiter: def initself, ...: self.attempts: Dictstr, Listdatetime = defaultdictlist...

9.1CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2026/03/05 12:26 a.m.26 views

GHSA-HX52-CV84-JR5V Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers

Executive Summary A vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic...

5.3CVSS6AI score0.00504EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/29 9:20 p.m.12 views

CVE-2026-24766

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

4.9CVSS5.9AI score0.00348EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/28 8:27 p.m.8 views

CVE-2026-24766

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

4.9CVSS5.9AI score0.00348EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:32 a.m.12 views

CVE-2017-18915

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access...

9.8CVSS7.1AI score0.01184EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/12/15 12:0 a.m.10 views

VulnCheck KEV: CVE-2024-55963

An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith's own server only, but there is a denial of...

6.5CVSS5.8AI score0.27733EPSS
In wildExploits5References44
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-12324

Malware in sbrugna...

7.8CVSS7.8AI score0.03894EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-10005

Malware in sbrugna...

9.8CVSS9.2AI score0.01184EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/06 6:14 a.m.8 views

CVE-2025-54811

OpenPLCV3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple...

7.1CVSS7.2AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6861

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.006EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-53383

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-48303

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00642EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2022-3515

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.01126EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-41120

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-47194

Malicious code in bioql PyPI...

9.1CVSS7.7AI score0.10849EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:9 p.m.7 views

CVE-2021-45785

TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery CSRF attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the vict...

6.5CVSS7AI score0.00254EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2025/05/19 10:4 p.m.20 views

Multer vulnerable to Denial of Service via memory leaks from unclosed streams

Impact Multer 2.0.0 is vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal busboy stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time,...

7.5CVSS7.1AI score0.00683EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/04/15 8:8 p.m.27 views

CVE-2025-32012 Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing

Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same...

8.2CVSS0.007EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.7 views

PT-2025-16394 · Jellyfin · Jellyfin

Name of the Vulnerable Software and Affected Versions: Jellyfin versions 10.9.0 through 10.10.6 Description: The issue affects Jellyfin, an open source self-hosted media server. It involves the /System/Restart endpoint, which is intended for administrators to restart the Jellyfin server. However,...

8.2CVSS7.1AI score0.007EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/04/02 4:15 p.m.24 views

CVE-2025-20212

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series devices could allow an authenticated, remote attacker to cause a denial of service DoS condition in the Cisco AnyConnect service on an affected device. To exploit this vulnerability, the attacker must...

7.7CVSS0.00662EPSS
Exploits0References1
Rows per page
Query Builder