Lucene search
+L

49 matches found

OSV
OSV
added 2026/06/23 5:12 p.m.6 views

GHSA-XP79-5MX3-JX52 Gogs has Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

The Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new goroutine without enforcing any read/write deadlines on the underlyin...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/23 12:12 p.m.11 views

EUVD-2026-38431

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 6:16 a.m.14 views

CVE-2026-1659

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted requests due to insufficient input validation...

7.5CVSS0.00355EPSS
Exploits0References3
CVE
CVE
added 2026/04/30 4:35 p.m.21 views

CVE-2025-51846

CVE-2025-51846 affects CryptPad 2025.3.1, where an unbounded WebSocket frame flood allows a remote, unauthenticated attacker to significantly degrade or deny service for all users of a CryptPad instance. The advisory states the issue is fixed in 2026.2.2. CVSS metrics from the connected CVE recor...

8.7CVSS5.2AI score0.00578EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/12 8:33 p.m.10 views

Ella Core vulnerable to Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload

Summary Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes. Impact An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all connected subscribers. No authentication is required...

7.5CVSS5.8AI score0.00306EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/11 4:5 p.m.3 views

CVE-2025-14513

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/10 12:25 a.m.8 views

GHSA-Q4F2-39GR-45JH Adminer has an Unauthenticated Persistent DoS via Array Injection in ?script=version Endpoint

Summary Adminer v5.4.1 has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version parameter which P...

7.5CVSS5.7AI score0.01586EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/09 11:17 a.m.7 views

CVE-2021-0174

Improper Use of Validation Framework in firmware for some IntelR PROSet/Wireless Wi-Fi in multiple operating systems and some KillerTM Wi-Fi in Windows 10 and 11 may allow a unauthenticated user to potentially enable denial of service via adjacent access...

6.5CVSS6.7AI score0.00515EPSS
Exploits0References1
NVD
NVD
added 2025/10/23 8:15 p.m.8 views

CVE-2025-12044

Vault and Vault Enterprise “Vault” are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for +HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393...

7.5CVSS0.00517EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-7120

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.00533EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-32009

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01023EPSS
Exploits0References1
OSV
OSV
added 2025/09/19 7:15 p.m.5 views

CVE-2025-26516

StorageGRID formerly StorageGRID Webscale versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a Denial of Service vulnerability. Successful exploit could allow an unauthenticated attacker to cause a Denial of Service on the Admin node...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References1
NVD
NVD
added 2025/08/14 5:15 p.m.6 views

CVE-2025-20217

A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to incorrect...

8.6CVSS0.00683EPSS
Exploits0References1
NVD
NVD
added 2025/08/12 3:15 p.m.6 views

CVE-2025-5462

A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 Fix deployed on 02-Aug-2025 allows a remote unauthenticated attacker to trigger a deni...

7.5CVSS0.01084EPSS
Exploits0References1
OSV
OSV
added 2025/08/04 3:3 p.m.4 views

SUSE-SU-2025:02679-1 Security update for redis

This update for redis fixes the following issues: - CVE-2025-27151: Fixed absence of filename size check may cause a stack overflow. bsc1243804 - CVE-2025-32023: Fixed out-of-bounds write when working with HyperLogLog commands can lead to remote code execution. bsc1246059 - CVE-2025-48367: Fixed...

9.8CVSS6.2AI score0.03877EPSS
Exploits4References7
CVE
CVE
added 2025/06/25 7:26 a.m.26 views

CVE-2024-51983

CVE-2024-51983 is an unauthenticated DoS affecting multiple Brother/Brother-related devices (printer/ multifunction). The issue arises from improper validation of input in WS-Scan over Web Services (port 80); sending a WS-Scan SOAP request with an unexpected JobToken value crashes the device and ...

7.5CVSS7.3AI score0.07833EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 8:45 a.m.8 views

CVE-2024-31481

Unauthenticated Denial of Service DoS vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected service...

7.5CVSS6.8AI score0.0057EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:0 a.m.6 views

CVE-2024-33514

Unauthenticated Denial-of-Service DoS vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service...

7.5CVSS7.1AI score0.00617EPSS
Exploits0References1
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-10051

Realchar version v0.0.4 is vulnerable to an unauthenticated denial of service DoS attack. The vulnerability exists in the file upload request handling, where appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request causes the server to continuously process eac...

7.5CVSS0.00533EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.7 views

CVE-2024-9437 Unauthenticated Denial of Service in transformeroptimus/superagi

SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service DoS attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes -, to the end of a multipart boundary in an HTTP request causes the server to continuously process each...

7.5CVSS7.5AI score0.00765EPSS
Exploits1References1
Rows per page
Query Builder