
92 matches found

Positive Technologies
added 2026/05/25 12:0 a.m. | 9 views

PT-2026-43064

Name of the Vulnerable Software and Affected Versions: hackney versions 2.0.0-beta.1 through 4.0.0. Description: An infinite loop exists in the Alt-Svc response header parser within src/hackney altsvc.erl. When the parse token/2 function receives a byte that is not a token, whitespace, or comma such...

8.7 CVSS | 5.9 AI score | 0.00049 EPSS
Exploits: 1 | References: 7

OSV
added 2026/05/19 5:1 p.m. | 5 views

MGASA-2026-0152 Updated bind packages fix security vulnerabilities

It was discovered that bind contained a vulnerability where a malformed BRID/HHIT record can cause named to terminate unexpectedly (CVE-2025-13878). If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-on...

7.5 CVSS | 7.5 AI score | 0.00061 EPSS
Exploits: 0 | References: 6

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in linux

A remote denial-of-service vulnerability was discovered in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit encounters an unknown state while attempting to parse SKBs that are not present in the queue. Sending two small UDP packets to a system with a UDP interface causes the...

7.5 CVSS | 6.7 AI score | 0.00379 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/22 1:7 a.m. | 2 views

CVE-2026-41146 facil.io and downstream iodine ruby gem vulnerable to uncontrolled resource consumption and loop with unreachable exit condition

facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, fiojsonparse can enter an infinite loop when it encounters a nested JSON value starting with i or I. The process spins in user space and pegs one CPU core at 100% instead of returning a...

8.7 CVSS | 5.7 AI score | 0.0006 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/04/21 5:17 p.m. | 3 views

EUVD-2026-24021

Signal K Server has an Unauthenticated Regular Expression Denial of Service ReDoS via WebSocket Subscription Paths...

7.5 CVSS | 5.7 AI score | 0.00075 EPSS
Exploits: 1 | References: 5

NVD
added 2026/03/20 2:16 a.m. | 1 view

CVE-2026-32873

ewe is a Gleam web server. Versions 0.8.0 through 3.0.4 contain a bug in the handletrailers function where rejected trailer headers forbidden or undeclared cause an infinite loop. When handletrailers encounters such a trailer, three code paths lines 520, 523, 526 recurse with the original buffer...

7.5 CVSS | 0.00022 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2026/02/13 12:0 a.m. | 1 view

CVE-2025-70957

A Denial of Service DoS vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation object an internal TVM type that is normally...

5.7 AI score | 0.00056 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/12/16 9:30 p.m. | 2 views

EUVD-2025-203841

On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSPFv3 process to have high CPU utilization which may result in the OSPFv3 process being restarted. This may cause disruption in the OSPFv3 routes on the switch. This issue was discovered...

7.1 CVSS | 6.4 AI score | 0.0003 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/12/16 12:0 a.m. | 2 views

Arista EOS security vulnerability

Arista EOS is a fully programmable, highly modular, Linux-based network operating system from Arista Corporation. A security vulnerability exists in Arista EOS that stems from specially crafted packets that could lead to excessive CPU utilization of the OSPFv3 process, potentially resulting in a...

7.1 CVSS | 6.6 AI score | 0.0003 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/17 4:3 p.m. | 1 view

CVE-2025-59043 OpenBao vulnerable to denial of service via malicious JSON request processing

OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized memory usage and...

7.5 CVSS | 6.3 AI score | 0.0016 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/10/10 4:20 p.m. | 3 views

CVE-2025-52961

An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management CFM daemon and the Connectivity Fault Management Manager cfmman of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 allows an unauthenticated, adjacent attacker ...

7.1 CVSS | 7.1 AI score | 0.00052 EPSS
Exploits: 1 | References: 1

EUVD
added 2025/10/09 6:30 p.m. | 3 views

EUVD-2025-33401

An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management CFM daemon and the Connectivity Fault Management Manager cfmman of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 allows an unauthenticated, adjacent attacker ...

7.1 CVSS | 6.6 AI score | 0.00052 EPSS
Exploits: 1 | References: 3

OSV
added 2025/10/09 4:15 p.m. | 1 view

CVE-2025-52961

An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management CFM daemon and the Connectivity Fault Management Manager cfmman of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 allows an unauthenticated, adjacent attacker ...

7.1 CVSS | 5.9 AI score
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-3444

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.01247 EPSS
Exploits: 0 | References: 34

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-27343

Malicious code in bioql PyPI...

6.5 CVSS | 6.7 AI score | 0.00121 EPSS
Exploits: 0 | References: 1

OSV
added 2025/09/19 10:15 a.m. | 2 views

CVE-2025-10630

Grafana is an open-source platform for monitoring and observability. Grafana-Zabbix is a plugin for Grafana allowing to visualize monitoring data from Zabbix and create dashboards for analyzing metrics and realtime monitoring. Versions 5.2.1 and below contained a ReDoS vulnerability via...

4.3 CVSS | 6.5 AI score | 0.00114 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/11 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-1390

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote denial of service vulnerability was found in the Linux kernel's TIPC kernel module. The while loop in tipc_link_xmit hits an unknown state while attempti...

7.5 CVSS | 6.7 AI score | 0.00379 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 1:44 a.m. | 7 views

CVE-2023-20083

A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent, which could stop all traffic processing and result...

8.6 CVSS | 7.2 AI score | 0.00333 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/04/09 7:51 p.m. | 13 views

CVE-2025-21601 Junos OS: SRX and EX Series, MX240, MX480, MX960, QFX5120 Series: When web management is enabled for specific services an attacker may cause a CPU spike by sending genuine packets to the device

An Improper Following of Specification by Caller vulnerability in web management J-Web, Captive Portal, 802.1X, Juniper Secure Connect JSC of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine...

8.7 CVSS | 0.00452 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/09 7:51 p.m. | 10 views

CVE-2025-21601 Junos OS: SRX and EX Series, MX240, MX480, MX960, QFX5120 Series: When web management is enabled for specific services an attacker may cause a CPU spike by sending genuine packets to the device

An Improper Following of Specification by Caller vulnerability in web management J-Web, Captive Portal, 802.1X, Juniper Secure Connect JSC of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine...

8.7 CVSS | 7.5 AI score | 0.00452 EPSS
Exploits: 0 | References: 1