16 matches found

RedhatCVE
added 2026/06/05 7:28 p.m., 8 views

CVE-2026-4054

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under a non-SVG Content-Type header, e.g. image/png...

CVSS 6.5 | AI score 5.5 | EPSS 0.00242
Exploits 0 | References 1
IBM Security Bulletins
added 2026/06/04 3:05 a.m., 9 views

Security Bulletin: Due to use of postgresql-42.7.10.jar, IBM Sterling Connect:Direct Web Services is affected by client-side denial of service.

Summary: postgresql-42.7.10.jar is used by IBM Sterling Connect:Direct Web Services (CVE-2026-42198). Vulnerability Details: CVEID: CVE-2026-42198. DESCRIPTION: pgjdbc is an open source PostgreSQL JDBC driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial o...

CVSS 7.5 | AI score 7 | EPSS 0.0077
Exploits 0 | Affected Software 1
OSV
added 2026/05/15 9:31 p.m., 5 views

GHSA-J76W-P754-G2W7 Mattermost doesn't validate the response body of proxied images

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under a non-SVG Content-Type header, e.g. image/png...

CVSS 4.3 | AI score 5.8 | EPSS 0.00242
Exploits 0 | References 3
NVD
added 2026/05/15 7:17 p.m., 9 views

CVE-2026-4054

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under a non-SVG Content-Type header, e.g. image/png...

CVSS 6.5 | EPSS 0.00242
Exploits 0 | References 1
Cvelist
added 2026/05/15 6:32 p.m., 40 views

CVE-2026-4054 SVG content served through Mattermost image proxy despite Content-Type restrictions causes client-side denial of service

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under a non-SVG Content-Type header, e.g. image/png...

CVSS 4.3 | EPSS 0.00242
Exploits 0 | References 1
Vulnrichment
added 2026/02/18 4:45 p.m., 4 views

CVE-2026-20139 Client-Side Denial of Service (DoS) through "/splunkd/__raw/services/authentication/users/username" REST API endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload into the...

CVSS 4.3 | AI score 5.5 | EPSS 0.05145
Exploits 0 | References 1
CVE
added 2026/02/18 4:45 p.m., 18 views

CVE-2026-20139

CVE-2026-20139 affects Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform below 10.2.2510.3, 10.1.2507.8, 10.0.2503.9, and 9.3.2411.121. A low-privileged user (not admin/power) can craft a malicious payload into realname, tz, or email via the /spl...

CVSS 4.3 | AI score 5.5 | EPSS 0.05145
Exploits 0 | References 1 | Affected Software 2
OSV
added 2025/12/03 5:15 p.m., 6 views

CVE-2025-20389

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00357
Exploits 0 | References 1
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2023-54751

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00579
Exploits 0 | References 2
Tenable Nessus
added 2025/08/30 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-6736

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions...

CVSS 6.5 | AI score 6.3 | EPSS 0.00643
Exploits 0 | References 2
RedhatCVE
added 2025/05/22 7:30 p.m., 9 views

CVE-2021-27217

An issue was discovered in the send_secure_msg function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device. Out-of-bounds reads performed by aes_remove_padding can crash the running process,...

CVSS 4.4 | AI score 4.6 | EPSS 0.01595
Exploits 1 | References 1
Vulnrichment
added 2025/04/14 12:05 p.m., 10 views

CVE-2024-49705 XSS in iKSORIS

Internet Starter, one of the SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Service (DoS) attacks. An attacker might trick a user into using a URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error...

CVSS 5.3 | AI score 6.4 | EPSS 0.00269
Exploits 0 | References 2
OSV
added 2024/12/16 8:15 a.m., 8 views

CVE-2024-54083

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps, which allows a user to cause a client-side webapp and mobile DoS to users of particular channels by sending a specially crafted post...

CVSS 6.5 | AI score 6.8
Exploits 0 | References 1
UbuntuCve
added 2023/12/01 12:00 a.m., 18 views

CVE-2023-4912

An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using maliciously crafted mermaid...

CVSS 6.5 | AI score 6.5 | EPSS 0.00579
Exploits 0 | References 3
OpenVAS
added 2021/01/29 12:00 a.m., 17 views

Moodle < 3.5.16, 3.8.x < 3.8.7, 3.9.x < 3.9.4, 3.10.x < 3.10.1 Multiple Vulnerabilities

Moodle is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.2 | AI score 5.7 | EPSS 0.01572
Exploits 0 | References 3
OSV
added 2021/01/28 8:15 p.m., 3 views

UBUNTU-CVE-2021-20185

It was found in Moodle before versions 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side browser denial of service for users receiving very large messages...

CVSS 5.3 | AI score 7.2 | EPSS 0.01377
Exploits 0 | References 3