Lucene search
K

92 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1025

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00605EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-21278

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01164EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2025/08/06 12:0 a.m.5 views

PT-2025-32158

Name of the Vulnerable Software and Affected Versions Hugging Face Transformers versions up to 4.51.3 Description A Regular Expression Denial of Service ReDoS vulnerability exists in the convert tf weight name to pt weight name function of the Hugging Face Transformers library. This function, whi...

5.3CVSS6.1AI score0.00391EPSS
Exploits1References15
Veracode
Veracode
added 2025/07/18 5:52 a.m.7 views

Denial Of Service (DoS)

resolv library is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient validation of the length of a decompressed domain name in a DNS packet, which allows an attacker to craft a maliciously compressed DNS packet that consumes excessive CPU during name decompression...

7.5CVSS5.8AI score0.00539EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2025/07/08 12:34 a.m.23 views

CVE-2025-42954

CVE-2025-42954 affects SAP NetWeaver Business Warehouse CCAW. A privileged attacker can cause high CPU load by calling RFC-enabled function modules without input parameters, leading to reduced availability (low impact) with no confidentiality or integrity impact. Public details across sources con...

2.7CVSS6.4AI score0.00384EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:9 p.m.13 views

CVE-2020-20248

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU...

6.5CVSS6.7AI score0.01823EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:17 p.m.8 views

CVE-2020-20221

Mikrotik RouterOs before 6.44.6 long-term tree suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU...

6.8CVSS6.7AI score0.02907EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:17 p.m.9 views

CVE-2020-20230

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU...

6.5CVSS6.7AI score0.01938EPSS
Exploits1
NVD
NVD
added 2025/04/29 12:15 p.m.11 views

CVE-2025-1194

A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in the file tokenizationgptneoxjapanese.py of the GPT-NeoX-Japanese model. The vulnerability occurs in the SubWordJapaneseTokenizer class, where regular expressions...

6.5CVSS0.00384EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/04/11 8:31 p.m.24 views

CVE-2025-21601

An Improper Following of Specification by Caller vulnerability in web management J-Web, Captive Portal, 802.1X, Juniper Secure Connect JSC of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine...

8.7CVSS6.8AI score0.004EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/02 7:36 p.m.14 views

CVE-2025-29908

Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability in the hash map used to manage connections allows remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections...

5.3CVSS7.2AI score0.00545EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-29408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image both in terms o...

6.5CVSS6.7AI score0.0086EPSS
Exploits0References3
OSV
OSV
added 2025/01/29 10:15 p.m.11 views

CVE-2024-12705

Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

7.5CVSS7.4AI score0.17935EPSS
Exploits0References2
OSV
OSV
added 2025/01/06 1:52 p.m.21 views

CVE-2024-5594

OpenVPN before 2.6.11 does not santize PUSHREPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs...

9.1CVSS9AI score0.00819EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/11/05 12:7 p.m.10 views

spring-expression: Denial of service when processing a specially crafted Spring Expression Language expression

A flaw was found in the Spring framework package. A maliciously crafted Spring Expression Language SePL may trigger uncontrolled CPU usage, leading to a denial of service in the application consuming it. To be considered vulnerable, one application has to evaluate user-supplied SpEL expressions...

4.3CVSS7.2AI score0.00536EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/08/16 2:14 a.m.4 views

SUSE CVE-2024-23184

Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...

5.8CVSS6.9AI score0.00839EPSS
Exploits2References7
OSV
OSV
added 2024/04/12 2:33 p.m.12 views

SUSE-SU-2024:1273-1 Security update for the Linux Kernel RT (Live Patch 10 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505001335 fixes one issue. The following security issue was fixed: - CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU bsc1219296...

7.5CVSS7.2AI score0.0094EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/04/11 5:48 p.m.5 views

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator

Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...

7.5CVSS6.7AI score0.99995EPSS
Exploits0References7
OSV
OSV
added 2024/03/22 11:7 a.m.4 views

OESA-2024-1324 bind security update

Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: The DNS...

7.5CVSS6.9AI score0.99995EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/02/26 7:19 p.m.5 views

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator

Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...

7.5CVSS6.7AI score0.99995EPSS
Exploits0References7
Rows per page
Query Builder