Lucene search
K

73 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-59431

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00932EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2011

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.01421EPSS
Exploits1References5
OSV
OSV
added 2025/07/21 8:6 p.m.8 views

CVE-2025-54121 Starlette has possible denial-of-service vector when parsing large files in multipart forms

Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread t...

5.3CVSS7.2AI score0.0053EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/07/21 7:34 p.m.11 views

Starlette has possible denial-of-service vector when parsing large files in multipart forms

Summary When parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread to roll the file over to disk. This blocks the event thread which means we can't accept new connections. Details Please see this discussion for details:...

5.3CVSS7.2AI score0.0053EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/21 12:0 a.m.5 views

PT-2025-30341

Name of the Vulnerable Software and Affected Versions Starlette versions 0.47.1 and below Description Starlette is a lightweight ASGI framework/toolkit for building async web services in Python. When parsing multi-part forms with large files exceeding the default maximum spool size, Starlette...

5.3CVSS5.6AI score0.0053EPSS
Exploits0References37
CVE
CVE
added 2025/06/24 2:8 a.m.25 views

CVE-2025-48462

CVE-2025-48462 describes a login session exhaustion vulnerability that could allow an attacker to consume all available session slots, blocking legitimate users from logging in (impact described as denial of service). Supported by connected sources: for Apache HTTP Server (PT-2025-26676) the affe...

4.2CVSS4.4AI score0.00172EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 4:52 a.m.8 views

CVE-2016-20006

The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy...

7.5CVSS7.1AI score0.01018EPSS
Exploits0References1
Atlassian
Atlassian
added 2025/05/07 9:54 a.m.37 views

Memory leak while accessing <base-url>label/<labelname> (label search) on objects created in io.micrometer.core.instrument.ImmutableTag

h3. Issue Summary Memory leak while accessing label/ label search on objects created in io.micrometer.core.instrument.ImmutableTag This is reproducible on the Data Center: yes h3. Steps to Reproduce Use the following script to search randomly for labels code:java while : do curl...

7.2AI score
Exploits0Affected Software1
Debian CVE
Debian CVE
added 2025/03/27 2:57 p.m.8 views

CVE-2025-21892

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do not get stuck, as highlighted by the call trace 1. During recovery, before transitioning the QP to...

4.7CVSS5.5AI score0.00127EPSS
Exploits0
OSV
OSV
added 2025/03/27 2:57 p.m.8 views

CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix the recovery flow of the UMR QP This patch addresses an issue in the recovery flow of the UMR QP, ensuring tasks do not get stuck, as highlighted by the call trace 1. During recovery, before transitioning the QP to...

4.7CVSS5.9AI score0.00127EPSS
Exploits0References6
OSV
OSV
added 2025/03/27 1:15 a.m.3 views

DEBIAN-CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

7.5CVSS6.9AI score0.01157EPSS
Exploits0References1
OSV
OSV
added 2025/03/27 1:15 a.m.2 views

UBUNTU-CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

7.5CVSS5.7AI score0.01157EPSS
Exploits0References3
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-10110

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...

7.5CVSS0.00588EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.6 views

CVE-2024-8764 Improper Authorization in lunary-ai/lunary

A vulnerability in lunary-ai/lunary, as of commit be54057, allows users to upload and execute arbitrary regular expressions on the server side. This can lead to a Denial of Service DoS condition, as certain regular expressions can cause excessive resource consumption, blocking the server from...

7.5CVSS7.7AI score0.00761EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/05 8:14 p.m.9 views

CVE-2022-4105

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack clickjacking and an HTML injection which disables the use of the history page...

7.1CVSS5.8AI score0.00454EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:25 a.m.11 views

CVE-2024-31446

OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device ...

7.7CVSS7.1AI score0.00604EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/12/29 11:29 a.m.9 views

CVE-2024-56722

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix cpu stuck caused by printings during reset During reset, cmd to destroy resources such as qp, cq, and mr may fail, and error logs will be printed. When a large number of resources are destroyed, there will be lots o...

5.5CVSS5.8AI score0.00217EPSS
Exploits0
CNVD
CNVD
added 2023/12/11 12:0 a.m.17 views

Hitachi Energy RTU500 series CMU Firmware Denial of Service Vulnerability

Hitachi Energy RTU500 is a series of industrial control components from Hitachi, Japan. A denial of service vulnerability exists in Hitachi Energy RTU500 series CMU Firmware, which arises from an incomplete or incorrect layout of received APDU frames, and can be exploited by an attacker to cause ...

6.1CVSS6.8AI score0.00412EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.6 views

Hitachi Energy RTU500 跨站脚本漏洞

Hitachi Energy RTU500 is a series of industrial control components from Hitachi, Japan. A denial of service vulnerability exists in Hitachi Energy RTU500 series CMU Firmware, which arises from an incomplete or incorrect layout of received APDU frames, and can be exploited by an attacker to cause ...

6.1CVSS6.7AI score0.00412EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.17 views

Oracle Linux 7 : libvirt (ELSA-2020-5674)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5674 advisory. - qemu: don't hold both jobs for suspend Jonathon Jongsma Orabug: 31073098 CVE-2019-20485 Tenable has extracted the preceding description block directly from th...

5.7CVSS7AI score0.00813EPSS
Exploits0References2
Rows per page
Query Builder