68 matches found
CVE-2026-59725
CVE-2026-59725 affects Socket.IO’s Engine.IO polling transport (versions 4.1.0–6.6.6). The root cause is that invalid binary POST requests with Content-Type: application/octet-stream are not properly closing the HTTP response, enabling unauthenticated attackers to exhaust server-side connections ...
next.js: Next.js: Denial of Service via crafted POST requests to server actions
A flaw was found in Next.js. Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A remote attacker can send crafted POST requests to a server action, triggering a request-body handling deadlock. This leaves connections open,...
CVE-2026-35225
An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections...
Astra Linux – Vulnerability in Jetty9
Jetty is a Java-based web server and servlet engine. An HTTP/2 SSL connection that is established and becomes TCP congested may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the serve...
CVE-2026-35227
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections...
CVE-2026-44579
Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected...
CVE-2026-44579 Next.js: Denial of Service via connection exhaustion in applications using Cache Components
Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected...
CVE-2026-44579 Next.js: Denial of Service via connection exhaustion in applications using Cache Components
Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected...
PT-2026-39943
An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections...
GHSA-MG66-MRH9-M8JX Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components
Impact Applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to a server action. In affected configurations, a malicious request can trigger a request-body handling deadlock that leaves connections ope...
NPM: Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components
NPM: Next.js vulnerable to Denial of Service via connection exhaustion in applications using Cache Components vulnerability discovered by ? in WordPress Npm next versions = 15.0.0, 15.5.16...
CVE-2026-20188 Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory
Following the initial publication of the Security Advisory about a denial of service DoS condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator NSO, additional information has been made available to the Cisco Product Security Incident Response Team PSIRT. Upon...
CVE-2026-20188 Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory
Following the initial publication of the Security Advisory about a denial of service DoS condition in Cisco Crosswork Network Controller and Cisco Network Services Orchestrator NSO, additional information has been made available to the Cisco Product Security Incident Response Team PSIRT. Upon...
CVE-2026-31711 smb: server: fix active_num_conn leak on transport allocation failure
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix activenumconn leak on transport allocation failure Commit 77ffbcac4e56 "smb: server: fix leak of activenumconn in ksmbdtcpnewconnection" addressed the kthreadrun failure path. The earlier alloctransport == NULL...
CVE-2026-35225 Improper timeout handling in CODESYS EtherNetIP
An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS EtherNet/IP adapter stack, preventing legitimate clients from establishing new connections...
CVE-2026-35225
Summary of CVE-2026-35225 (CODESYS EtherNet/IP adapter stack) : An unauthenticated remote attacker can exhaust all TCP connections, preventing legitimate clients from establishing new connections. Root cause cited in reports is improper timeout handling during connection management. Impact stated...
CVE-2026-40719
Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved...
CVE-2026-40719
CVE-2026-40719 affects MaraDNS 3.5.0036, where the Deadwood component allows a remote attacker to exhaust connection slots by exploiting a zone whose authoritative nameserver address cannot be resolved. The issue impacts availability (CVE score 7.5, CVSS v3.1; network access, low complexity, no p...
CVE-2021-47865
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...
EUVD-2026-3621
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...