Lucene search

20 matches found

Veracode
added 2026/01/14 10:40 a.m. | 4 views

Denial Of Service (DoS)

org.elasticsearch.plugin, x-pack-security is vulnerable to Denial of Service DoS. The vulnerability is due to the lack of limits or throttling on user settings data allocation, which allows a low-privileged authenticated attacker to submit oversized data and trigger excessive memory allocation...

6.5 CVSS | 5.9 AI score | 0.00103 EPSS
Exploits 0 | References 6 | Affected Software 1
Vulnrichment
added 2026/01/07 7:17 a.m. | 1 views

CVE-2025-12449 aBlocks – WordPress Gutenberg Blocks <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Settings Modification

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated...

5.4 CVSS | 4.7 AI score | 0.0001 EPSS
Exploits 0 | References 4
OSV
added 2025/12/19 12:31 a.m. | 1 views

GHSA-QF7C-7R9H-MM92 Elasticsearch has Excessive Allocation of Resources via Submission of Oversized User Settings Data

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 causing a persistent denial of service OOM crash via submission of oversized user settings data...

6.5 CVSS | 6.5 AI score | 0.00103 EPSS
Exploits 0 | References 6
Tenable Nessus
added 2025/12/19 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-68384

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation...

6.5 CVSS | 5.4 AI score | 0.00103 EPSS
Exploits 0 | References 2
Snyk
added 2025/12/18 10:45 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview org.elasticsearch.plugin:x-pack-security is an Elasticsearch Expanded Pack Plugin - Security Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the submission of oversized user settings data. An attacker can exhaust system resourc...

7.1 CVSS | 6.4 AI score | 0.00103 EPSS
Exploits 0 | References 2
NVD
added 2025/12/18 10:16 p.m. | 1 views

CVE-2025-68384

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 causing a persistent denial of service OOM crash via submission of oversized user settings data...

6.5 CVSS | 0.00103 EPSS
Exploits 0 | References 1
OSV
added 2025/12/18 10:16 p.m. | 2 views

CVE-2025-68384

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 causing a persistent denial of service OOM crash via submission of oversized user settings data...

6.5 CVSS | 6.5 AI score
Exploits 0 | References 1
UbuntuCve
added 2025/12/18 10:16 p.m. | 3 views

CVE-2025-68384

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 causing a persistent denial of service OOM crash via submission of oversized user settings data...

6.5 CVSS | 5.9 AI score | 0.00103 EPSS
Exploits 0 | References 2
CVE
added 2025/12/18 10:4 p.m. | 12 views

CVE-2025-68384

CVE-2025-68384 affects Elasticsearch and describes an allocation of resources without limits or throttling (CWE-770). The issue can be exploited by a low-privileged authenticated user to trigger excessive allocation, leading to a persistent denial of service (OOM crash) by submitting oversized us...

6.5 CVSS | 6.2 AI score | 0.00103 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2025/12/18 10:4 p.m. | 18 views

CVE-2025-68384 Elasticsearch Allocation of Resources Without Limits or Throttling

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 causing a persistent denial of service OOM crash via submission of oversized user settings data...

6.5 CVSS | 0.00103 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-17661

Malicious code in bioql PyPI...

7.5 CVSS | 9.1 AI score | 0.00317 EPSS
Exploits 0 | References 2
CVE
added 2025/06/10 11:21 a.m. | 48 views

CVE-2025-43701

CVE-2025-43701 affects Salesforce OmniStudio (FlexCards). Root cause: improper preservation of permissions allowing exposure of Custom Settings data. Impact: OmniStudio versions before 254. CVSS 3.1 base 7.5 ( HIGH ); attack vector/complexity: network/low, no user interaction required. Remediatio...

7.5 CVSS | 7.2 AI score | 0.00317 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/06/10 11:21 a.m. | 4 views

CVE-2025-43701

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards allows exposure of Custom Settings data. This impacts OmniStudio: before version 254...

7.5 AI score | 0.00317 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/05/20 12:0 a.m. | 2 views

PT-2025-22121 · Salesforce · Omnis Studio

Name of the Vulnerable Software and Affected Versions: Salesforce OmniStudio versions prior to 254 Description: The issue is related to an Improper Preservation of Permissions vulnerability in Salesforce OmniStudio FlexCards, which allows exposure of Custom Settings data. Recommendations: For...

7.5 CVSS | 9.2 AI score | 0.00317 EPSS
Exploits 0 | References 8
CNNVD
added 2023/08/21 12:0 a.m. | 4 views

Pimcore Cross-Site Scripting Vulnerability

Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates applications for web content management, e-commerce frameworks and product information management. A cross-site scripting vulnerability exist...

6.4 CVSS | 5.7 AI score | 0.00003 EPSS
Exploits 1 | References 3
Positive Technologies
added 2023/04/27 12:0 a.m. | 2 views

PT-2023-2595 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.6.0 Description: The issue is related to errors in handling symbolic links within the settings.DataFolder variable in the Docker Desktop for Windows platform. This can allow a remote attacker to gain read,...

7.1 CVSS | 7.1 AI score | 0.00205 EPSS
Exploits 0 | References 11
Cvelist
added 2022/11/01 6:28 p.m. | 14 views

CVE-2022-3781

Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions, which allows database users to read the data. This issue affects: Remote...

6.7 AI score | 0.00084 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2022/03/21 10:15 p.m. | 1 views

CVE-2022-27333

idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data...

7.5 CVSS | 5.9 AI score | 0.00198 EPSS
Exploits 1 | References 2
Citrix
added 2020/11/09 12:0 a.m. | 4 views

CTXReports

CTXReports Tool Version 1.0 Created Date: January 30, 2009 Updated Date: January 30, 2009 Where to download ? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide access to...

7 AI score
Exploits 0
Microsoft KB
added 2020/04/09 12:0 a.m. | 5 views

Update for customer experience and diagnostic telemetry

Update for customer experience and diagnostic telemetry This article describes an update for Windows 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 SP1, and Windows Server 2008 R2 SP1. Before you install this update, check out the Prerequisites section. About this update This package updat...

6.5 AI score
Exploits 0