589 matches found
Next.js: Next.js: Authorization bypass via crafted query parameters
A flaw was found in Next.js. This vulnerability allows an attacker to bypass security checks in web applications that use Next.js middleware to protect specific web pages. By sending specially crafted web addresses, an attacker can access protected content without proper authorization. This could...
CVE-2026-56148
Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...
CVE-2026-56148
Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...
EUVD-2026-41065
Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...
CVE-2026-44628
An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...
DEBIAN-CVE-2026-44628
An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...
EUVD-2026-40412
An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...
CVE-2026-44628
CVE-2026-44628 corresponds to an OFFIS DCMTK Toolkit Type Confusion issue. An unauthenticated attacker can crash the worklist server by sending a single crafted query when the server has a valid Called AE Title/storage directory, the expected lockfile, and at least one matching worklist record. T...
CVE-2026-44628
An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...
CVE-2026-44628 OFFIS DCMTK Toolkit Type Confusion
An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...
PT-2026-53987
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated attacker can cause a crash of the worklist server by sending a single crafted query. This occurs when the server is configured with a valid...
DEBIAN-CVE-2025-61027
An issue in the tsetpush component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
CVE-2025-61023
The CVE-2025-61023 entry concerns openlink virtuoso-opensource, specifically the st_compare component in version 7.2.11. Multiple connected sources confirm that a flaw in st_compare can be exploited by sending crafted SQL statements, resulting in a Denial of Service (DoS) that can render the serv...
CVE-2025-61028
An issue in the timettodt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...
Security Bulletin: IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index (CVE-2026-1352)
Summary IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index. Vulnerability Details CVEID:CVE-2026-1352 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server...
CVE-2026-6051
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap...
CVE-2026-1718
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled...
CVE-2026-30923
A flaw was found in libModSecurity3, a component of the ModSecurity web application firewall WAF. An attacker can exploit a segmentation fault by sending a specially crafted query string parameter containing a single character, which is then processed by a rule using the t:hexDecode transformatio...
CVE-2026-35906
CVE-2026-35906 affects T3 Technology CPE models T625Pro v1.0.07 and T6825G v1.0.03. The vulnerability stems from an undocumented debug CGI endpoint that is accessible without authentication, allowing an attacker to supply a crafted HTTP query string to execute arbitrary commands with root privile...
Linux Distros Unpatched Vulnerability : CVE-2026-44574
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect...