Lucene search
K

379 matches found

Vulnrichment
Vulnrichment
added 2026/03/24 6:21 p.m.2 views

CVE-2026-33508 Parse Server: LiveQuery subscription query depth bypass

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription...

8.2CVSS5.7AI score0.00345EPSS
Exploits0References5
OSV
OSV
added 2026/03/20 9:48 p.m.4 views

GHSA-6QH5-M6G3-XHQ6 Parse Server LiveQuery subscription query depth bypass

Impact Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription requests. An attacker can send a subscription with deeply nested logical operators, causing excessive recursion and CPU consumption that degrade...

8.2CVSS5.8AI score0.00345EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-26076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above norma...

7.5CVSS6AI score0.00349EPSS
Exploits0References2
NVD
NVD
added 2026/02/12 11:16 p.m.13 views

CVE-2019-25342

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

7.5CVSS0.004EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/12 10:48 p.m.28 views

CVE-2019-25342 Centova Cast 3.2.12 - Denial of Service

Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...

7.5CVSS0.004EPSS
Exploits0References3
OSV
OSV
added 2026/02/12 10:16 p.m.5 views

UBUNTU-CVE-2026-26076

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...

7.5CVSS5.8AI score0.00349EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/12 9:48 p.m.4 views

CVE-2026-26076 ntpd-rs affected by excessive CPU load from malformed packets

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...

6.9CVSS5.6AI score0.00349EPSS
Exploits0References3
OSV
OSV
added 2026/02/12 9:48 p.m.7 views

CVE-2026-26076 ntpd-rs affected by excessive CPU load from malformed packets

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...

6.9CVSS5.7AI score0.00349EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/12 9:48 p.m.30 views

CVE-2026-26076 ntpd-rs affected by excessive CPU load from malformed packets

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...

6.9CVSS0.00349EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/12 12:0 a.m.6 views

Centova Cast 安全漏洞

Centova Cast is an internet-based broadcast streaming media management control panel developed by Centova Corporation in Canada. Version 3.2.12 of Centova Cast contains a security vulnerability. This vulnerability stems from the repeated invocation of the database export API endpoint, which could...

7.5CVSS5.8AI score0.004EPSS
Exploits0References3
NVD
NVD
added 2026/01/27 9:16 p.m.20 views

CVE-2026-24738

gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...

6.5CVSS0.00265EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:40 a.m.7 views

CVE-1999-0747

Denial of service in BSDi Symmetric Multiprocessing SMP when an fstat call is made when the system has a high CPU load...

2.1CVSS6.9AI score0.00307EPSS
Exploits0References1
NVD
NVD
added 2025/12/16 8:15 p.m.8 views

CVE-2025-8872

On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch. This issue was discovered...

7.1CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2025/12/01 2:16 p.m.7 views

CVE-2025-49643

An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

6.5CVSS0.00319EPSS
Exploits0References1
OSV
OSV
added 2025/12/01 2:16 p.m.7 views

UBUNTU-CVE-2025-49643

An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

6.5CVSS6.6AI score0.00319EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/12/01 1:5 p.m.10 views

CVE-2025-49643

An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

6.5CVSS6.4AI score0.00319EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/12/01 1:5 p.m.5 views

CVE-2025-49643

An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

6.5CVSS6.7AI score0.00319EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.6 views

PT-2025-48444

Name of the Vulnerable Software and Affected Versions Zabbix affected versions not specified Description An authenticated Zabbix user, including a Guest user, can cause a disproportionate CPU load on the webserver. This is achieved by sending specially crafted parameters to the /imgstore.php API...

6.5CVSS6.4AI score0.00319EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/11/28 9:10 a.m.22 views

CVE-2025-66361

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...

6.9CVSS6.7AI score0.00249EPSS
Exploits0References1
OSV
OSV
added 2025/11/28 12:15 a.m.7 views

CVE-2025-66361

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...

6.5CVSS5.8AI score0.00249EPSS
Exploits0References1
Rows per page
Query Builder