Lucene search
+L

285 matches found

ptsecurity
ptsecurity
added 2026/03/03 12:0 a.m.8 views

PT-2026-22742

Name of the Vulnerable Software and Affected Versions Django versions 4.2 before 4.2.29 Django versions 5.2 before 5.2.12 Django versions 6.0 before 6.0.3 Django versions 3.2.x and earlier Django versions 4.1.x and earlier Django versions 5.0.x and earlier Description A race condition exists in...

3.7CVSS5.9AI score0.00341EPSS
Exploits0References153
snyk
snyk
added 2026/03/02 9:41 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the registeredStates map used during OAuth2 state handling. An attacker can cause the service to crash and become unavailable by sending multiple concurrent requests to the...

8.2CVSS5.8AI score0.00394EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/02/25 4:6 a.m.6 views

CVE-2026-27128

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use TOCTOU race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s...

6.9CVSS5.5AI score0.00176EPSS
Exploits0References1
osv
osv
added 2026/02/24 2:42 a.m.11 views

CVE-2026-27128 Craft CMS's race condition in Token Service potentially allows for token usage greater than the token limit

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use TOCTOU race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s...

6.9CVSS5.7AI score0.00176EPSS
Exploits0References4
snyk
snyk
added 2026/02/23 10:16 p.m.3 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the getTokenRoute function. An attacker can bypass token usage limits by sending concurrent requests before the database update completes,...

6.9CVSS5.6AI score0.00176EPSS
Exploits0References2
osv
osv
added 2026/02/23 10:16 p.m.12 views

GHSA-6FX5-5CW5-4897 Craft CMS Race condition in Token Service potentially allows for token usage greater than the token limit

A Time-of-Check-Time-of-Use TOCTOU race condition exists in Craft CMS’s token validation service for tokens that explicitly set a limited usage. The getTokenRoute method reads a token’s usage count, checks if it’s within limits, then updates the database in separate non-atomic operations. By...

6.9CVSS5.6AI score0.00176EPSS
Exploits0References4
nvd
nvd
added 2026/02/12 11:16 p.m.13 views

CVE-2019-25342

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

7.5CVSS0.004EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/02/12 10:48 p.m.2 views

CVE-2019-25342 Centova Cast 3.2.12 - Denial of Service

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

7.5CVSS5.5AI score0.004EPSS
Exploits0References3
cvelist
cvelist
added 2026/02/12 10:48 p.m.31 views

CVE-2019-25342 Centova Cast 3.2.12 - Denial of Service

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

7.5CVSS0.004EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/02/12 10:48 p.m.8 views

CVE-2019-25342

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

7.5CVSS5.5AI score0.004EPSS
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2026/02/12 1:4 a.m.12 views

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

8.1CVSS5.6AI score0.00351EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/02/12 12:0 a.m.13 views

PT-2026-7941

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

7.5CVSS5.5AI score0.004EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2026/02/11 12:0 a.m.5 views

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

8.1CVSS5.9AI score0.00351EPSS
Exploits1References4
nessus
nessus
added 2026/02/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-1035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse...

3.1CVSS5.3AI score0.00282EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/02 8:38 p.m.5 views

CVE-2026-24040

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable text to store JavaScript content. When used in a concurrent environment e.g., a Node.js web server, this variable is shared across all requests. ...

6.3CVSS5.3AI score0.00253EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2026/02/02 8:38 p.m.27 views

CVE-2026-24040 jsPDF has a Shared State Race Condition in addJS Plugin

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable text to store JavaScript content. When used in a concurrent environment e.g., a Node.js web server, this variable is shared across all requests. ...

6.3CVSS0.00253EPSS
Exploits1References3
snyk
snyk
added 2026/02/02 6:20 p.m.3 views

Race Condition

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Race Condition in the addJS function due to the use of a shared module-scoped variable for storing JavaScript content. An attacker can cause sensitive data intended for one user to be...

6.3CVSS5.5AI score0.00253EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/01/28 9:16 p.m.6 views

CVE-2020-36950

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...

8.7CVSS5.9AI score0.00316EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/01/27 3:23 p.m.3 views

CVE-2020-36950

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...

8.7CVSS5.9AI score0.00316EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2026/01/27 12:0 a.m.8 views

PT-2026-4929

Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server...

8.7CVSS5.9AI score0.00316EPSS
Exploits0References5
Rows per page
Query Builder