569 matches found

RedhatCVE
added 2026/01/22 3:13 p.m. | 5 views

CVE-2025-66959

A flaw was found in ollama. A remote attacker could exploit this vulnerability by sending specially crafted input to the GGUF decoder, leading to a Denial of Service (DoS). This issue can make the service unavailable to legitimate users. Mitigation: Mitigation for this issue is either not available ...

CVSS 7.5 | AI score 5.2 | EPSS 0.00362
Exploits: 1 | References: 5
Cvelist
added 2026/01/13 9:10 p.m. | 23 views

CVE-2026-0543 Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector...

CVSS 6.5 | EPSS 0.0037
Exploits: 0 | References: 1
CVE
added 2026/01/13 9:3 p.m. | 15 views

CVE-2026-0530

CVE-2026-0530 describes an issue in Kibana Fleet where an allocation of resources without limits or throttling (CWE-770) can be triggered by a specially crafted request, causing excessive resource consumption and potential service degradation or unavailability (CAPEC-130). Affected versions span ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00273
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/01/13 12:0 a.m. | 4 views

Elastic Kibana Fleet Security Vulnerability

Elastic Kibana Fleet is a component of Elastic Netherlands that centralizes the management and monitoring of Elastic Agent. A security vulnerability exists in Elastic Kibana Fleet that stems from an unlimited or infinite stream of resource allocations, which could lead to over-allocation via ad-h...

CVSS 6.5 | AI score 5.8 | EPSS 0.00416
Exploits: 0 | References: 1
CNNVD
added 2026/01/13 12:0 a.m. | 4 views

Elastic Kibana Email Connector Security Vulnerability

Elastic Kibana Email Connector is an email service connection component from Elastic Netherlands. A security vulnerability exists in the Elastic Kibana Email Connector that stems from improper input validation, which could lead to over-assignment via specially crafted email address parameters,...

CVSS 6.5 | AI score 5.8 | EPSS 0.0037
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 12:12 p.m. | 12 views

CVE-2018-18878

In firmware version MS2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable...

CVSS 7.8 | AI score 7.1 | EPSS 0.02889
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/11 10:1 p.m. | 4 views

CVE-2025-66473

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

CVSS 8.7 | AI score 6.7 | EPSS 0.00339
Exploits: 0 | References: 1
NVD
added 2025/12/10 10:16 p.m. | 4 views

CVE-2025-66473

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

CVSS 8.7 | EPSS 0.00339
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/10 9:51 p.m. | 3 views

CVE-2025-66473 XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

CVSS 8.7 | AI score 6.3 | EPSS 0.00339
Exploits: 0 | References: 3
Cvelist
added 2025/12/10 9:51 p.m. | 27 views

CVE-2025-66473 XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

CVSS 8.7 | EPSS 0.00339
Exploits: 0 | References: 3
OSV
added 2025/12/10 9:51 p.m. | 4 views

CVE-2025-66473 XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

CVSS 8.7 | AI score 6.6 | EPSS 0.00339
Exploits: 0 | References: 5
EUVD
added 2025/12/10 9:51 p.m. | 5 views

EUVD-2025-202430

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

CVSS 8.7 | AI score 6.2 | EPSS 0.00339
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/10 2:32 a.m. | 7 views

CVE-2025-42873

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

CVSS 5.9 | AI score 7 | EPSS 0.0032
Exploits: 0 | References: 1
CNNVD
added 2025/12/10 12:0 a.m. | 2 views

XWiki Platform Security Vulnerability

XWiki Platform is XWiki's open source suite of wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions 16.10.10 and earlier, 17.0.0-rc-1 through 17.4.3, and 17.5.0-rc-1 through 17.6.0, which stems from a missing request restriction th...

CVSS 8.7 | AI score 6.4 | EPSS 0.00339
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/04 12:0 a.m. | 1 view

PT-2026-7416

Name of the Vulnerable Software and Affected Versions: MongoDB (affected versions not specified). Description: The internal locking mechanism within the MongoDB server utilizes an internal encoding of resources to determine which lock to acquire. A collision can occur where collections inadvertently...

CVSS 7.1 | AI score 5.4 | EPSS 0.00199
Exploits: 0 | References: 10
NVD
added 2025/10/31 9:15 a.m. | 4 views

CVE-2025-30188

Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available...

CVSS 7.5 | EPSS 0.00309
Exploits: 0 | References: 1
CVE
added 2025/10/31 8:54 a.m. | 5 views

CVE-2025-30188

The CVE-2025-30188 entry describes a vulnerability in Open-Xchange OX App Suite where malicious or unintentional API requests can push large amounts of data into caches. This cache growth can evict information required for the web frontend to operate, potentially causing component unavailability....

CVSS 7.5 | AI score 6.3 | EPSS 0.00309
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/31 8:54 a.m. | 3 views

CVE-2025-30188

Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available...

CVSS 7.5 | AI score 6.3 | EPSS 0.00309
Exploits: 0 | References: 1
CNVD
added 2025/10/31 12:0 a.m. | 5 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial of Service Vulnerabilities (CNVD-2025-29089)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A denial of service vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which arises from a malicious or...

CVSS 10 | AI score 6.8 | EPSS 0.00198
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/31 12:0 a.m. | 4 views

PT-2025-44594

Name of the Vulnerable Software and Affected Versions: Apache HTTP Cache (affected versions not specified). Description: Malicious or unintentional API requests can be used to add a significant amount of data to caches. This can lead to the eviction of information required for the web frontend to...

CVSS 7.5 | AI score 6.4 | EPSS 0.00309
Exploits: 0 | References: 6