569 matches found
CVE-2025-2586 Ols: unauthenticated metrics flooding in openshift lightspeed service leading to resource exhaustion
A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk...
CVE-2025-2586
A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk...
Red Hat OpenShift Lightspeed 资源管理错误漏洞
Red Hat OpenShift Lightspeed is an acceleration tool based on the OpenShift platform from Red Hat, Inc. It is designed to increase the speed of development and deployment of Kubernetes applications. Red Hat OpenShift Lightspeed suffers from a resource management error vulnerability that stems fro...
PT-2025-13692 · Red Hat · Openshift Lightspeed Service
Name of the Vulnerable Software and Affected Versions: OpenShift Lightspeed Service affected versions not specified Description: A flaw in the OpenShift Lightspeed Service makes it vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints, such as...
CVE-2025-30225
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30350
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
ChuanhuChatGPT Denial of Service Vulnerability
ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. A denial of service vulnerability exists in ChuanhuChatGPT version 20240918, which can be exploited by an attacker to cause the system to...
CVE-2025-30350
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30225
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30350 Directus's S3 assets become unavailable after a burst of HEAD requests
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30350
Directus and its storage-driver-s3 component are affected by a DoS-like asset unavailability vulnerability triggered by a burst of HEAD requests. Affected range: @directus/storage-driver-s3 versions prior to 12.0.1 (corresponding to Directus 9.22.0–11.5.0). When many HEAD checks occur, assets can...
CVE-2025-30350 Directus's S3 assets become unavailable after a burst of HEAD requests
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30350 Directus's S3 assets become unavailable after a burst of HEAD requests
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30225 Directus's S3 assets become unavailable after a burst of malformed transformations
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30225 Directus's S3 assets become unavailable after a burst of malformed transformations
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30225 Directus's S3 assets become unavailable after a burst of malformed transformations
Directus is a real-time API and App dashboard for managing SQL database content. The @directus/storage-driver-s3 package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a...
CVE-2025-30225
The CVE affects Directus users via the @directus/storage-driver-s3 driver: versions 9.22.0 up to 11.5.0 (paired Directus 9.22.0 to 11.5.0) are vulnerable to asset unavailability after a burst of malformed transformation requests, causing all assets to return 403 under load. The issue is fixed in ...
Denial Of Service (DoS)
litellm is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of multipart boundaries, allowing an attacker to append characters in HTTP requests, leading to excessive resource consumption and service unavailability...
Directus 安全漏洞
Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 9.22.0 through 11.5.0 that stems from a large number of HEAD requests that could result in unavailable assets...
Directus 安全漏洞
Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 9.22.0 through 11.5.0, which stems from a malformed conversion request that could lead to asset unavailability...