Lucene search
K

152 matches found

CVE
CVE
added 2026/06/24 8:54 p.m.10 views

CVE-2026-45677

Summary (CVE-2026-45677): Rocket.Chat prior to versions 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11 fails to verify the signature on inbound SAML LogoutRequest messages. This allows an unauthenticated remote attacker who knows a target user’s SAML NameID (commonly the user’s ema...

8.7CVSS6AI score0.00451EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 5:12 p.m.4 views

GHSA-XP79-5MX3-JX52 Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/23 5:12 p.m.9 views

Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/23 12:12 p.m.7 views

EUVD-2026-38431

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51632

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description The built-in Go SSH server in Gogs is subject to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to the ssh.NewServerConn...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2026/06/12 8:9 p.m.69 views

Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U

SolarWinds Serv-U Unauthenticated DoS: Safe Detection Script...

7.5CVSS5.9AI score0.10659EPSS
Exploits2
CVE
CVE
added 2026/06/12 6:22 p.m.38 views

CVE-2026-47138

CVE-2026-47138 : Parse Server suffers pre-authentication DoS via adversarial client version header input causing polynomial backtracking in the request-header parser. Affected before fixes in versions up to 8.6.76/9.9.0-alpha.1; patched in 8.6.77 and 9.9.1-alpha.1. An unauthenticated attacker wit...

8.7CVSS5.2AI score0.00584EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 5:12 p.m.28 views

CVE-2026-47216 Typesense: Unauthenticated Denial of Service in the Typesense /multi_search Endpoint

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multisearch endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to...

8.7CVSS0.00336EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 5:12 p.m.106 views

CVE-2026-47216 Typesense: Unauthenticated Denial of Service in the Typesense /multi_search Endpoint

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multisearch endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to...

8.7CVSS5.3AI score0.00336EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48943

Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi search endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to...

8.7CVSS5.3AI score0.00336EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 10:44 a.m.9 views

CVE-2026-53423 Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin

Allocation of Resources Without Limits or Throttling vulnerability in membraneframework membranemp4plugin allows unauthenticated denial-of-service via BEAM atom table exhaustion. The MP4 box header parser converts each 4-byte box name to an atom using String.toatom/1 without validation...

5.9CVSS5.5AI score0.00126EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.19 views

GitLab 12.10 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-7250)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...

7.5CVSS5.4AI score0.0037EPSS
Exploits0References5
CVE
CVE
added 2026/06/04 2:5 p.m.142 views

CVE-2026-28318

SolarWinds Serv-U is affected by an unauthenticated Denial of Service vulnerability triggered by specially crafted POST requests with Content-Encoding: deflate. The issue can crash the Serv-U service, with exploitation observed in reports and advisories. SolarWinds has released a hotfix and mitig...

7.5CVSS5.8AI score0.10659EPSS
In wildExploits2References3Affected Software1
Cvelist
Cvelist
added 2026/05/28 3:11 p.m.36 views

CVE-2026-48525 PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS

PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For...

5.3CVSS0.00288EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.20 views

PT-2026-44397

Name of the Vulnerable Software and Affected Versions PyJWT versions 2.8.0 through 2.12.1 Description When verifying detached JWS tokens using the unencoded-payload option "b64": false, RFC 7797, the software performs Base64URL decoding of the compact-serialization payload segment before enforcin...

5.3CVSS5.3AI score0.00288EPSS
Exploits1References237
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

IBM Aspera High-Speed Transfer Endpoint和IBM Aspera High-Speed Transfer Server 代码问题漏洞

IBM Aspera High-Speed Transfer Endpoint and IBM Aspera High-Speed Transfer Server are products of American International Business Machines Corporation IBM. The IBM Aspera High-Speed Transfer Endpoint is a high-speed file transfer and data exchange node service. The IBM Aspera High-Speed Transfer...

7.5CVSS5.9AI score0.00319EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/26 8:12 a.m.10 views

CVE-2026-34473

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST...

7.5CVSS5.8AI score0.02376EPSS
Exploits3References1
GithubExploit
GithubExploit
added 2026/05/23 6:37 a.m.102 views

Exploit for Allocation of Resources Without Limits or Throttling in Openwebui Open_Webui

CVE-2024-12537 Open WebUI Code Format DoS Lab This repository...

7.5CVSS5.9AI score0.00879EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-14869

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

7.5CVSS5.8AI score0.00354EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/19 7:25 p.m.14 views

EUVD-2026-29951

Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder...

8.7CVSS5.8AI score0.00637EPSS
Exploits1References5
Rows per page
Query Builder