379 matches found
CVE-2026-33508 Parse Server: LiveQuery subscription query depth bypass
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription...
GHSA-6QH5-M6G3-XHQ6 Parse Server LiveQuery subscription query depth bypass
Impact Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription requests. An attacker can send a subscription with deeply nested logical operators, causing excessive recursion and CPU consumption that degrade...
Linux Distros Unpatched Vulnerability : CVE-2026-26076
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above norma...
CVE-2019-25342
Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...
CVE-2019-25342 Centova Cast 3.2.12 - Denial of Service
Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load by sending multiple concurrent requests to the /api.php endpoint with crafted parameters...
UBUNTU-CVE-2026-26076
ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...
CVE-2026-26076 ntpd-rs affected by excessive CPU load from malformed packets
ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...
CVE-2026-26076 ntpd-rs affected by excessive CPU load from malformed packets
ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...
CVE-2026-26076 ntpd-rs affected by excessive CPU load from malformed packets
ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...
Centova Cast 安全漏洞
Centova Cast is an internet-based broadcast streaming media management control panel developed by Centova Corporation in Canada. Version 3.2.12 of Centova Cast contains a security vulnerability. This vulnerability stems from the repeated invocation of the database export API endpoint, which could...
CVE-2026-24738
gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...
CVE-1999-0747
Denial of service in BSDi Symmetric Multiprocessing SMP when an fstat call is made when the system has a high CPU load...
CVE-2025-8872
On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch. This issue was discovered...
CVE-2025-49643
An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...
UBUNTU-CVE-2025-49643
An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...
CVE-2025-49643
An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...
CVE-2025-49643
An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...
PT-2025-48444
Name of the Vulnerable Software and Affected Versions Zabbix affected versions not specified Description An authenticated Zabbix user, including a Guest user, can cause a disproportionate CPU load on the webserver. This is achieved by sending specially crafted parameters to the /imgstore.php API...
CVE-2025-66361
An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...
CVE-2025-66361
An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load...