73 matches found
EUVD-2023-59431
Malicious code in bioql PyPI...
EUVD-2022-2011
Malicious code in bioql PyPI...
CVE-2025-54121 Starlette has possible denial-of-service vector when parsing large files in multipart forms
Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...
Starlette has possible denial-of-service vector when parsing large files in multipart forms
Summary When parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread to roll the file over to disk. This blocks the event thread which means we can't accept new connections. Details Please see this discussion for details:...
PT-2025-30341
Name of the Vulnerable Software and Affected Versions Starlette versions 0.47.1 and below Description Starlette is a lightweight ASGI framework/toolkit for building async web services in Python. When parsing multi-part forms with large files exceeding the default maximum spool size, Starlette...
CVE-2025-48462
CVE-2025-48462 describes a login session exhaustion vulnerability that could allow an attacker to consume all available session slots, blocking legitimate users from logging in (impact described as denial of service). Supported by connected sources: for Apache HTTP Server (PT-2025-26676) the affe...
CVE-2016-20006
The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...
Memory leak while accessing <base-url>label/<labelname> (label search) on objects created in io.micrometer.core.instrument.ImmutableTag
h3. Issue Summary Memory leak while accessing label/ label search on objects created in io.micrometer.core.instrument.ImmutableTag This is reproducible on the Data Center: yes h3. Steps to Reproduce Use the following script to search randomly for labels code:java while : do curl...
CVE-2025-21892
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do not get stuck, as highlighted by the call trace 1. During recovery, before transitioning the QP to...
CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do not get stuck, as highlighted by the call trace 1. During recovery, before transitioning the QP to...
DEBIAN-CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...
UBUNTU-CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...
CVE-2024-10110
In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...
CVE-2024-8764 Improper Authorization in lunary-ai/lunary
A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. This can lead to a Denial of Service DoS condition, as certain regular expressions can cause excessive resource consumption, blocking the server from...
CVE-2022-4105
A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack clickjacking and an HTML injection which disables the use of the history page...
CVE-2024-31446
OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device ...
CVE-2024-56722
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix cpu stuck caused by printings during reset During reset, cmd to destroy resources such as qp, cq, and mr may fail, and error logs will be printed. When a large number of resources are destroyed, there will be lots o...
Hitachi Energy RTU500 series CMU Firmware Denial of Service Vulnerability
Hitachi Energy RTU500 is a series of industrial control components from Hitachi, Japan. A denial of service vulnerability exists in Hitachi Energy RTU500 series CMU Firmware, which arises from an incomplete or incorrect layout of received APDU frames, and can be exploited by an attacker to cause ...
Hitachi Energy RTU500 跨站脚本漏洞
Hitachi Energy RTU500 is a series of industrial control components from Hitachi, Japan. A denial of service vulnerability exists in Hitachi Energy RTU500 series CMU Firmware, which arises from an incomplete or incorrect layout of received APDU frames, and can be exploited by an attacker to cause ...
Oracle Linux 7 : libvirt (ELSA-2020-5674)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5674 advisory. - qemu: don't hold both jobs for suspend Jonathon Jongsma Orabug: 31073098 CVE-2019-20485 Tenable has extracted the preceding description block directly from th...