Lucene search
K

706 matches found

Cvelist
Cvelist
added 2026/07/06 8:38 a.m.39 views

CVE-2026-24012 Apache IoTDB: Denial of Service via Resource Exhaustion in Aggregation Query

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

0.00546EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 8:38 a.m.2 views

CVE-2026-24012 Apache IoTDB: Denial of Service via Resource Exhaustion in Aggregation Query

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

7.5CVSS6.1AI score0.00546EPSS
Exploits0References4
CVE
CVE
added 2026/07/06 8:38 a.m.16 views

CVE-2026-24012

CVE-2026-24012 – Apache IoTDB Denial of Service via Resource Exhaustion Description: An interface fails to cap the time span and aggregation interval of queries. An attacker can request an extremely large time range with a tiny interval, causing the DataNode to build an enormous result set in mem...

7.5CVSS6AI score0.00546EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/06 7:55 a.m.5 views

EUVD-2026-41825

Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering 'java.;javax.;org.apache.camel.;!', or the no-'javax.' variant in the aggregation-repository component...

8.1CVSS6AI score0.00546EPSS
Exploits1References1
OSV
OSV
added 2026/07/06 7:55 a.m.8 views

CVE-2026-42527 Apache Camel: Permissive default ObjectInputFilter pattern admits java.net.** and enables DNS-based information disclosure

Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering 'java.;javax.;org.apache.camel.;!', or the no-'javax.' variant in the aggregation-repository component...

8.1CVSS6.1AI score0.00546EPSS
Exploits1References5
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:9 a.m.5 views

platform/x86: dell-wmi-sysman: bound enumeration string aggregation

...

5.5CVSS6.1AI score0.00172EPSS
Exploits0
EUVD
EUVD
added 2026/06/26 7:41 p.m.8 views

EUVD-2026-39853

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...

5.8AI score0.00114EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/26 7:41 p.m.8 views

CVE-2026-53318

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...

5.5CVSS5.7AI score0.00114EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52957

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the mt7925 tx check aggr function. This occurs when the sta variable is dereferenced before a NULL check is performed, which can lead to a system...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References18
EUVD
EUVD
added 2026/06/24 6:32 p.m.4 views

EUVD-2026-38890

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: bound enumeration string aggregation populateenumdata aggregates firmware-provided value-modifier and possible-value strings into fixed 512-byte struct members. The current code bounds each individu...

5.8AI score0.00172EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 5:17 p.m.4 views

CVE-2026-53022

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: bound enumeration string aggregation populateenumdata aggregates firmware-provided value-modifier and possible-value strings into fixed 512-byte struct members. The current code bounds each individu...

5.5CVSS0.00172EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fixed the issue where UMR hangs in the LAG error state during device unloading. During a firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during devic...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 5:47 a.m.5 views

BIT-MONGODB-2026-9753 Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.

The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command...

8.1CVSS5.9AI score0.00298EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 5:47 a.m.2 views

BIT-MONGODB-2026-9749 Using MaxKey() may crash the server

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer that is, many results are routed to the same consumer,...

7.1CVSS6.1AI score0.0027EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 5:47 a.m.3 views

BIT-MONGODB-2026-9741 Client side encryption fails to encrypt values in a $vectorSearch

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1CVSS5.8AI score0.00103EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 11:48 a.m.6 views

BIT-MONGODB-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS5.2AI score0.0027EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 11:48 a.m.6 views

BIT-MONGODB-2026-9743 Aggregation sub-pipeline null dereference may allow DoS via crafted getMore

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

7.1CVSS5.4AI score0.00307EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

MongoDB 8.0.x < 8.0.24 DoS

The version of MongoDB installed on the remote host is 8.0.x prior to 8.0.24. It is, therefore, affected by a denial of service vulnerability: - In Vulnerable MongoDB Server versions, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is...

7.1CVSS5.3AI score0.00307EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-9749

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving...

7.1CVSS5.7AI score0.0027EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.55 views

MongoDB 7.0.x < 7.0.35 / 8.0.x < 8.0.24 / 8.2.x < 8.2.10 / 8.3.x < 8.3.3 / 9.0.0-rc0 Multiple Vulnerabilities

The version of MongoDB installed on the remote host is 7.0.x prior to 7.0.35, 8.0.x prior to 8.0.24, 8.2.x prior to 8.2.10, or 8.3.x prior to 8.3.3. It is, therefore, affected by multiple vulnerabilities: - A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References10
Rows per page
Query Builder