CVE-2026-1659
GitLab CE/EE: CVE-2026-1659 affects all versions before 18.9.7 (9.0–18.9.x), 18.10 before 18.10.6, and 18.11 before 18.11.3. An unauthenticated user could cause a denial-of-service by sending specially crafted requests due to insufficient input validation. Remediation: patch releases have been is...
CVE-2026-8124
GPAC up to 26.02.0 is affected by CVE-2026-8124 via the sidx_box_read function in src/isomedia/box_code_base.c, enabling local resource allocation (vulnerability defined as PARTIAL availability impact). The issue is exploitable locally and has publicly disclosed exploit information. A patch ident...
Allocation of Resources Without Limits or Throttling
Overview: @dicebear/converter is an SVG converter for DiceBear. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ensureSize function. An attacker can cause excessive memory allocation and application crashes by injecting specially craft...
CVE-2026-26130
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in which the non-blocking async JSON parser can be made to bypass the maxNumberLength constraint (default: 1000 characters) defined in StreamReadConstraints. An attacker can cause...
Allocation of Resources Without Limits or Throttling
Overview: io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the getParameterNames function. An attacker can cause an OutOfMemoryError by sending requests with...
Allocation of Resources Without Limits or Throttling
Overview: seroval is a "Stringify JS values" package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the encoded array lengths serialization process. An attacker can cause excessive processing time by overriding encoded array lengths with extremel...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the indefinite wait state in the HTTP response handling process. An attacker can cause worker threads to become permanently blocked by repeatedly closing HTTP connections while...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the autodecompress feature in the ZLibDecompressor class. An attacker can exhaust system memory by sending a compressed request that, when decompressed, consumes excessive...
CVE-2025-14466
The CVE affects Güralp Fortimus/Minimus/Certimus series web interfaces. An unauthenticated attacker with network access can send specially crafted HTTP requests that cause the web service process to restart, producing a brief denial-of-service during restart. Public documents do not specify techn...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the WriteRelationships function when the exclusion operator is used in the authorization schema and the server is configured with --write-relationships-max-updates-per-call greater...
EUVD-2025-1982
Malicious code in bioql PyPI...
EUVD-2024-3211
Malicious code in bioql PyPI...
Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Configuration Manager IP Edition (ITNCM) version 6.4.2 Fix Pack 23 (6.4.2.23)
Summary: Multiple vulnerabilities were addressed in ITNCM version 6.4.2 Fix Pack 23 (6.4.2.23). Vulnerability Details: CVEID: CVE-2025-48924. DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted XML document, resulting in service disruption due to resource exhaustion...
Security Bulletin: Multiple vulnerabilities in IBM Rational Build Forge.
Summary: IBM Rational Build Forge 8.0.0.28 addresses multiple vulnerabilities. Vulnerability Details: CVEID: CVE-2024-38286. DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from...
CVE-2025-5996 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service...
CVE-2023-22739
Discourse is an open source platform for community discussion. Versions prior to 3.0.1 stable, 3.1.0.beta2 beta, and 3.1.0.beta2 tests-passed are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an...
Security Bulletin: Denial of Service in Apache Commons Compress used by Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2024-25710, CVE-2024-26308)
Summary: There is a potential denial of service in Apache Commons Compress that is used by Apache Solr and IBM Operations Analytics - Log Analysis. This is caused by a loop with an unreachable exit condition and allocation of resources without limits. Vulnerability Details: CVEID: CVE-2024-25710...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the parseExpression function in parser.go, due to the unrestricted size of input strings, which can cause the generation of large Abstract Syntax Trees (ASTs). An attacker can crash...