Lucene search
+L

619 matches found

SUSE CVE
SUSE CVE
added 2026/03/04 12:29 a.m.6 views

SUSE CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

7.5CVSS5.8AI score0.00413EPSS
Exploits0References3
OSV
OSV
added 2026/03/03 9:1 p.m.6 views

GHSA-5FVC-7894-GHP4 Craft CMS has Twig Function Blocklist Bypass

Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Closure arrow functions. In order to be able to successfully execute this attack, you need to either have allowAdminChanges enabled on production, or a compromised admin account, or an...

8.6CVSS6AI score0.00464EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.12 views

Mitsubishi Electric MELSEC iQ-F series 安全漏洞

The Mitsubishi Electric MELSEC iQ-F series is a programmable logic controller developed by Mitsubishi Electric, a Japanese company. The MELSEC iQ-F series contains security vulnerabilities, which stem from improper resource closure or release procedures. This could allow remote attackers to cause...

8.7CVSS5.8AI score0.00426EPSS
Exploits0References3
OSV
OSV
added 2026/02/28 10:16 p.m.3 views

CVE-2026-28555

wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforocloseajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum...

4.3CVSS5.9AI score0.00268EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/02/26 4:25 a.m.14 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/25 3:20 p.m.4 views

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

KrakenD 安全漏洞

KrakenD is an open-source, scalable high-performance API gateway developed by KrakenD. It helps you easily adopt microservices and secure communication. There were security vulnerabilities in versions of KrakenD prior to 2.13.1 and KrakenD-EE prior to 2.12.5. These vulnerabilities stemmed from...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/02/23 1:36 a.m.5 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

7.5CVSS5.8AI score0.00585EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2026/02/18 10:30 a.m.3 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

7.5CVSS5.8AI score0.00585EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2026/02/16 10:31 a.m.4 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

7.5CVSS5.8AI score0.00585EPSS
Exploits1References12
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of checking the state during socket closure, potentially leading to deadlocks...

5.8AI score0.00167EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/13 7:18 p.m.7 views

CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

7.5CVSS5.6AI score0.00413EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/02/12 8:7 p.m.5 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

7.5CVSS5.8AI score0.00585EPSS
Exploits1References12
NVD
NVD
added 2026/02/12 7:15 p.m.13 views

CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

7.5CVSS0.00413EPSS
Exploits0References2
NVD
NVD
added 2026/02/12 7:15 p.m.19 views

CVE-2026-21438

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

5.3CVSS0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/12 6:22 p.m.5 views

CVE-2026-21435 webtransport-go CloseWithError can block indefinitely

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

5.3CVSS5.6AI score0.00413EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/12 6:22 p.m.6 views

CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

5.3CVSS5.6AI score0.00413EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/12 6:22 p.m.36 views

CVE-2026-21435 webtransport-go CloseWithError can block indefinitely

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

5.3CVSS0.00413EPSS
Exploits0References2
OSV
OSV
added 2026/02/12 6:22 p.m.10 views

CVE-2026-21435 webtransport-go CloseWithError can block indefinitely

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

5.3CVSS5.7AI score0.00413EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/12 3:29 p.m.5 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the CloseWithError function. An attacker can cause the process to hang indefinitely by withholding QUIC flow control credit on the CONNECT stream, which prevents the transmission of the...

7.5CVSS5.6AI score0.00413EPSS
Exploits0References2
Rows per page
Query Builder