3465 matches found
CVE-2026-31949 LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service DoS vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...
CVE-2026-28356 ReDoS in multipart 1.3.0 - `parse_options_header()`
multipart is a fast multipart/form-data parser for python. Prior to 1.2.2, 1.3.1 and 1.4.0-dev, the parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipar...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-005918)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005918 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form- data parser encounters certain errors, it logs a warning but...
CVE-2026-29076 cpp-httplib: Stack Overflow Denial of Service (DoS) via std::regex in multipart filename parsing
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex libstdc++ to parse RFC 5987 encoded filename values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep...
CVE-2026-28395
OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extension must be installed and enabled relay server that treats wildcard hosts as loopback addresses, allowing the relay HTTP/WS server to bind to all interfaces when a wildcard cdpUrl...
CVE-2026-29074
CVE-2026-29074 affects SVGO (SVG Optimizer), a Node.js library/CLI for optimizing SVGs. Versions 2.1.0–before 2.8.1, 3.0.0–before 3.3.3, and before 4.0.1 accept XML with custom entities without guards against entity expansion/recursion, enabling DoS via entity expansion that can stall or crash th...
Cisco Nexus 3600 9500-R Series Switching Platforms Layer 2 Loop DoS (cisco-sa-nxos-ether-dos-Kv8YNWZ4)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability with the Ethernet VPN EVPN Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated,...
RHEL 10 : grafana (RHSA-2026:3831)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3831 advisory. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: crypto/x509:...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
CVE-2026-20031
A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...
PT-2026-23024
Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in the JSTokenize...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: brotli (UTSA-2026-005387)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005387 advisory. Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli decompression implementation. The protection mechanism...
CVE-2026-1876 Denial-of-Service (DoS) vulnerability in Ethernet function of MELSEC iQ-F Series Ethernet module
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition on the products by continuously sending UDP packets to the products. A...
Security update 5.1.2 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: Backported security patches for Salt vendored tornado: CVE-2025-67724: Fixed missing validation of supplied reason phrase bsc1254903 CVE-2025-67725: Fixed DoS via malicious HTTP request bsc1254905 CVE-2025-67726: Fixed HTTP header paramete...
SUSE-SU-2026:0623-1 Security update for python-tornado
This update for python-tornado fixes the following issues: - CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values bsc1254905. - CVE-2025-67726: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254904...
Linux Distros Unpatched Vulnerability : CVE-2025-14905
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the schemaattrenumcallback function within the schema.c file. This...
CLSA-2026-1771248733 Fix CVE(s): CVE-2025-68618, CVE-2025-69204
SECURITY UPDATE: Malicious SVG file resulted in a DoS attack - debian/patches/CVE-2025-68618.patch: fix DOS when processing a specially crafted malicious SVG file - CVE-2025-68618 SECURITY UPDATE: WriteSVGImage function, using an int variable to store numberattributes caused an integer overflow a...
CVE-2025-1924
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions a...
CVE-2025-54147
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
PT-2026-7545
Name of the Vulnerable Software and Affected Versions Qsync Central versions prior to 5.0.0.4 Description A flaw exists in Qsync Central that, if exploited by a remote attacker with a user account, could lead to a denial-of-service DoS attack. The issue is a NULL pointer dereference...