
11 matches found

CVE
added 2026/03/11 5:57 p.m. · 11 views

CVE-2026-31870

cpp-httplib prior to 0.37.1, when using the streaming API (httplib::stream::Get, httplib::stream::Post, etc.), directly calls std::stoull on the Content-Length header without validation, causing unhandled exceptions and a deterministic crash via std::terminate() when a non-numeric or out-of-range value i...

7.5 CVSS · 5.7 AI score · 0.00116 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2026/02/09 10:39 p.m. · 3 views

CVE-2026-25957 Cube Denial of Service (DoS) - An authenticated attacker can crash the server by sending a specially crafted request

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...

6.5 CVSS · 5.5 AI score · 0.0002 EPSS
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-16356

Malicious code in bioql PyPI...

6.5 CVSS · 6.2 AI score · 0.0021 EPSS
Exploits: 1 · References: 6
Positive Technologies
added 2025/09/30 12:0 a.m. · 2 views

PT-2025-40055

Name of the Vulnerable Software and Affected Versions: Argo CD versions 1.2.0 through 1.8.7; Argo CD versions 2.0.0-rc1 through 2.14.19; Argo CD versions 3.0.0-rc1 through 3.2.0-rc1; Argo CD version 3.1.7; Argo CD version 3.0.18. Description: Argo CD is susceptible to denial of service through malicious...

9.9 CVSS · 6.6 AI score · 0.06448 EPSS
Exploits: 11 · References: 52
OSV
added 2025/05/30 7:15 p.m. · 2 views

PYSEC-2025-54

vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with an invalid jsonschema as a Guided Param kills the vllm server. This vulnerability is similar to GHSA-9hcf-v7m4-6m2j/CVE-2025-48943, but for regex...

6.5 CVSS · 7.1 AI score · 0.0021 EPSS
Exploits: 1 · References: 4
Github Security Blog
added 2025/05/28 7:41 p.m. · 18 views

vLLM DOS: Remotely kill vllm over http with invalid JSON schema

Summary: Hitting the /v1/completions API with an invalid jsonschema as a Guided Param will kill the vllm server. Details: The following API call venv derekh@ip-172-31-15-108 $ curl -s http://localhost:8000/v1/completions -H "Content-Type: application/json" -d '"model":...

6.5 CVSS · 7.1 AI score · 0.0021 EPSS
Exploits: 1 · References: 7 · Affected Software: 1
Positive Technologies
added 2025/04/08 12:0 a.m. · 2 views

PT-2025-15466 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: A specially crafted request sent to an Observability API could cause the Kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability...

6.5 CVSS · 5.8 AI score · 0.0038 EPSS
Exploits: 0 · References: 7
RedhatCVE
added 2025/03/22 11:30 a.m. · 3 views

CVE-2024-8249

mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an...

7.5 CVSS · 6.8 AI score · 0.00491 EPSS
Exploits: 1 · References: 1
Veracode
added 2023/07/22 9:19 p.m. · 20 views

Denial Of Service (DoS)

gitlab is vulnerable to Denial of Service (DoS) attacks. Due to a regex check, the API for changing asset links produced backtracks, resulting in significant CPU consumption for some user-supplied values, causing the application to crash...

4.3 CVSS · 6.8 AI score · 0.00166 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2021/07/19 10:6 a.m. · 4 views

OPENSUSE-SU-2021:1053-1 Security update for icinga2

This update for icinga2 fixes the following issues: icinga2 was updated to 2.12.4. Bugfixes: Fix a crash when notification objects are deleted using the API (8782); Fix crashes that might occur during downtime scheduling if host or downtime objects are deleted using the API (8785); Fix an issue whe...

9.1 CVSS · 9.3 AI score · 0.00555 EPSS
Exploits: 0 · References: 3
EUVD
added 2019/04/09 3:50 a.m. · 1 views

EUVD-2019-2616

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called...

7.5 CVSS · 6.6 AI score · 0.08071 EPSS
Exploits: 1 · References: 14