PT-2026-45026

Impact DNSCache. async add inserted every response record into cache, expirations, expire heap, and service cache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNS PTR MIN TTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a...

Unity Linux 20.1060e / 20.1070e Security Update: bind (UTSA-2026-017490)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017490 advisory. In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, as well as release versio...

Vert.x has a DoS via unbounded server-side SNI SslContext cache growth

Potential unbounded server-side SNI SslContext cache growth in Vert.x TLS handling, with = resource-exhaustion / DoS impact. On affected versions, matching server-side SNI names are cached via computeIfAbsentserverName, ... in a serverName-keyed SslContext cache. The implementation differs slight...

GHSA-QXHC-WX3P-2WMG @fastify/accepts-serializer Vulnerable to Denial of Service via Unbounded Accept Header Cache Growth

Impact @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded. Under sustained load,...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the unbounded formattersCache in TimeConverterRegistrar. An attacker can exhaust system memory and cause a server crash by sending numerous HTTP requests with unique...

Allocation of Resources Without Limits or Throttling

Overview io.vertx:vertx-core is a tool-kit for building reactive applications on the JVM. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during the TLS handshake process, where the SslContext cache can be forced to grow indefinitely. The...

OpenTelemetry 资源管理错误漏洞

OpenTelemetry is an open-source, vendor-neutral, open-source observability framework developed by OpenTelemetry. Versions of OpenTelemetry 1.15.2 and earlier contained a resource management vulnerability. This vulnerability stemmed from the Zipkin exporter’s remote endpoint caching unbounded key...

Astra Linux - уязвимость в bind9

In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of the BIND Supported Preview Edition, as well as release version 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploiting broken authoritative servers using a flaw in response...

GHSA-F5V8-V6Q3-Q4H6 Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)

Summary Meridian v2.1.0 Meridian.Mapping and Meridian.Mediator shipped with nine defense-in-depth gaps reachable through its public APIs. Two are HIGH severity — the advertised DefaultMaxCollectionItems and DefaultMaxDepth safety caps are silently bypassed on the IMapper.Mapsource, destination...

DEBIAN-CVE-2025-12084

When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...

ROS-20251112-03

A vulnerability in the OpenSSL cryptographic library is related to the use of a non-standard option SSLOPNOTICKET, in which the session cache continues to grow indefinitely. Exploiting the vulnerability could Allow an attacker acting remotely to cause a denial of service...

Denial Of Service (DoS)

vllm is vulnerable to Denial of Service DoS. The vulnerability is due to unbounded in-memory cache growth due to allowing unique schema requests to continually populate the grammar cache, potentially exhausting system RAM...

CVE-2025-2559

Keycloak has a DoS vulnerability due to JWT token cache exhaustion when tokens have long expirations (e.g., 24–48 hours), causing the in-memory cache to grow and potentially run out of memory. Multiple connected sources confirm this as a cache exhaustion risk leading to denial of service. Red Hat...

Keycloak 安全漏洞

Keycloak is an open source identity and access management solution from Keycloak Open Source. A security vulnerability exists in Keycloak versions 26.1.4 and earlier, which stems from a potentially infinite growth of the cache when using JWT tokens for authentication, potentially leading to a...

PYSEC-2025-223

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output a.k.a. guided decoding. Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has...

Missing Release of Resource after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime by creating a unique cache entry for each MatchInfoError when a request method is not allowed. This can lead to unbounded cache growth, resulting in a memory leak. Remediation Upgrade...

DEBIAN-CVE-2024-52303

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...

openSUSE: Security Advisory for openssl (SUSE-SU-2024:1947-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2024:1949-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1949-1 advisory. - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 bsc1222548. Tenable has extracted the preceding description block...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2024:1808-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1808-1 advisory. - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 bsc1222548. Tenable has extracted th...