Lucene search
+L

13 matches found

osv
osv
added 2026/04/04 6:13 a.m.2 views

GHSA-6Q22-G298-GRJH Directus: Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver

Summary The GraphQL specification permits a single query to repeat the same field multiple times using aliases, with each alias resolved independently by default. Directus did not deduplicate resolver invocations within a single request, meaning each alias triggered a full, independent execution ...

7.5CVSS6AI score
Exploits0References2
redhat
redhat
added 2026/02/05 2:53 p.m.8 views

hibernate-reactive-core: Hibernate Reactive: Denial of Service due to connection leak on HTTP client disconnect

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/01/26 7:36 p.m.3 views

CVE-2025-14969 Hibernate-reactive-core: hibernate reactive: denial of service due to connection leak on http client disconnect

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/01/26 12:0 a.m.10 views

PT-2026-4807

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References3
osv
osv
added 2026/01/20 6:36 p.m.2 views

GHSA-V4W8-49PV-MF72 ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion

Summary ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service...

7.5CVSS5.7AI score0.00494EPSS
Exploits1References7
vulnrichment
vulnrichment
added 2026/01/19 6:39 p.m.1 views

CVE-2026-23842 ChatterBot has Denial of Service via Database Connection Pool Exhaustion

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...

7.5CVSS5.4AI score0.00494EPSS
Exploits1References5
osv
osv
added 2026/01/19 6:39 p.m.4 views

CVE-2026-23842 ChatterBot has Denial of Service via Database Connection Pool Exhaustion

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...

7.5CVSS5.5AI score0.00494EPSS
Exploits1References7
nessus
nessus
added 2025/08/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-16942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...

9.8CVSS7.5AI score0.05728EPSS
Exploits0References2
nessus
nessus
added 2025/08/19 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2020-36185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

8.1CVSS7.1AI score0.05218EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2020/08/25 12:0 a.m.6 views

PT-2020-3965 · Fasterxml +3 · Jackson-Databind +3

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x prior to 2.9.10.6 Description: The issue is related to the mishandling of the interaction between serialization gadgets and typing in FasterXML jackson-databind, specifically with the component...

9.8CVSS6.7AI score0.26587EPSS
Exploits27References214
redhatcve
redhatcve
added 2020/08/18 7:29 p.m.30 views

CVE-2020-10758

A flaw was found in Keycloak. This flaw allows an attacker to perform a denial of service attack by sending multiple simultaneous requests with a Content-Length header value greater than the actual byte count of the request body. The highest threat from this vulnerability is to system availabilit...

7.5CVSS0.5AI score0.02242EPSS
Exploits0References3
redhat
redhat
added 2020/05/26 4:9 p.m.4 views

jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7.4AI score0.05728EPSS
Exploits0References4
redhat
redhat
added 2020/05/18 10:24 a.m.6 views

jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.*

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the commons-dbcp gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or...

9.8CVSS7.4AI score0.05728EPSS
Exploits0References4
Rows per page
Query Builder