24 matches found

NVD • added 1 hour ago • 5 views

CVE-2025-32394

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is a DoS vulnerability in AITextSummarizerBlock. Malicious users can amplify their input. For example, if a malicious user inputs 10K of content, the...

CVSS 5.3
Exploits 0 • References 1

OSV • added 2026/05/20 1:16 p.m. • 6 views

ALPINE-CVE-2026-3592

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

CVSS 5.3 • AI score 5.8 • EPSS 0.00406
Exploits 0 • References 1

EUVD • added 2026/05/20 1:9 p.m. • 9 views

EUVD-2026-31106

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

CVSS 5.3 • AI score 5.8 • EPSS 0.00406
Exploits 0 • References 4

AlpineLinux • added 2026/05/20 1:9 p.m. • 10 views

CVE-2026-3592

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

CVSS 5.3 • AI score 5.8 • EPSS 0.00406
Exploits 0 • References 4

CVE • added 2026/05/20 1:9 p.m. • 41 views

CVE-2026-3592

CVE-2026-3592 affects BIND resolvers. A specially crafted zone can cause amplified resource consumption, impacting availability (LOW) for various BIND 9 branches (9.11.0–9.16.50, 9.18.0–9.18.48, 9.20.0–9.20.22, 9.21.0–9.21.21, plus S1 variants). Public details confirm the vulnerability and affect...

CVSS 5.3 • AI score 5.8 • EPSS 0.00406
Exploits 0 • References 4 • Affected Software 1

Positive Technologies • added 2026/05/17 12:0 a.m. • 8 views

PT-2026-42155

Name of the Vulnerable Software and Affected Versions BIND versions 9.11.0 through 9.16.50 BIND versions 9.18.0 through 9.18.48 BIND versions 9.20.0 through 9.20.22 BIND versions 9.21.0 through 9.21.21 BIND versions 9.11.3-S1 through 9.16.50-S1 BIND versions 9.18.11-S1 through 9.18.48-S1 BIND...

CVSS 9.8 • AI score 5.8 • EPSS 0.01644
Exploits 0 • References 47

SUSE CVE • added 2025/02/14 4:25 a.m. • 3 views

SUSE CVE-2024-47401

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by...

CVSS 7.5 • AI score 7.8 • EPSS 0.00442
Exploits 0 • References 5

OSV • added 2024/12/18 7:24 p.m. • 2 views

CVE-2024-49363 Uncontrolled Recursion and Asymmetric Resource Consumption (Amplification) in media/file proxy in Misskey

Misskey is an open source, federated social media platform. In affected versions FileServerService media proxy in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed...

CVSS 7.4 • AI score 7.1 • EPSS 0.00305
Exploits 0 • References 3

OSV • added 2024/10/29 9:30 a.m. • 24 views

GHSA-762V-RQ7Q-FF97 Mattermost Server vulnerable to application crash from attacker-generated large response

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by...

CVSS 5.3 • AI score 4.6 • EPSS 0.00442
Exploits 0 • References 4

OSV • added 2024/10/29 9:15 a.m. • 2 views

CVE-2024-47401

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by...

CVSS 7.5 • AI score 6.4
Exploits 0 • References 1

Cvelist • added 2024/10/29 8:11 a.m. • 44 views

CVE-2024-47401 DoS via Amplified GraphQL Response in Playbooks

Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1 and 9.5.x <= 9.5.9 fail to prevent detailed error messages from being displayed in Playbooks which allows an attacker to generate a large response and cause an amplified GraphQL response which in turn could cause the application to crash by...

CVSS 4.3 • EPSS 0.00442
Exploits 0 • References 1

Amazon • added 2024/05/15 12:0 a.m. • 2 views

Important: unbound

Issue Overview: An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a maliciously designed authority and response amplification. CVE-2024-33655 Affected Packages: unbound Note: This advisory is applicable to Amazon Linux 2 AL2 Co...

CVSS 7.5 • AI score 7 • EPSS 0.01729
Exploits 0

OSV • added 2022/08/17 4:15 p.m. • 3 views

CVE-2022-22455

IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 224989...

CVSS 9.8 • AI score 5.8 • EPSS 0.00438
Exploits 0 • References 2

VulnCheck KEV • added 2022/08/10 12:0 a.m. • 2 views

VulnCheck KEV: CVE-2022-0028

A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks...

CVSS 8.6 • AI score 7.3 • EPSS 0.02025
Exploits 0 • References 1

Code423n4 • added 2021/09/29 12:0 a.m. • 3 views

Adding imbalanced liquidity earns extra rewards

Handle broccoli Vulnerability details Adding imbalanced liquidity earns extra rewards Impact When a user provides liquidity with unbalanced balance. It should be the same as swapping tokens and adding lp. However, the liquidity the users get is calculated as follow: uint256 computed =...

AI score 6.9
Exploits 0

The Hacker News • added 2020/12/25 6:22 a.m. • 4 views

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks

Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. "An attacker or bots can overwhe...

AI score 6
Exploits 0

RedHat Linux • added 2020/11/04 2:21 a.m. • 1 views

kernel: Red Hat only CVE-2020-12352 regression

A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the...

CVSS 6.5 • AI score 6.8 • EPSS 0.05714
Exploits 4 • References 6

CERT • added 2020/06/08 12:0 a.m. • 122 views

Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations

Overview: The Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality. Description: The UPnP protocol, as specified by the Open Connectivity Foundation (OCF), is designed to provide automatic...

CVSS 7.8 • AI score 8.1 • EPSS 0.15193
Exploits 3 • References 5

The Hacker News • added 2020/05/20 11:16 a.m. • 285 views

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

Israeli cybersecurity researchers have disclosed details about a new flaw impacting the DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to take down targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to...

CVSS 7.5 • AI score 0.3 • EPSS 0.04372
Exploits 0

NVD • added 2018/12/03 6:29 a.m. • 14 views

CVE-2018-19791

The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 does not correctly handle requests for byte sequences, allowing an attacker to amplify the response size by requesting the entire response body repeatedly, as demonstrated by an HTTP Range header value beginning with the "bytes=0-,0-" substri...

CVSS 6.5 • AI score 6.5 • EPSS 0.01239
Exploits 1 • References 1