18 matches found

Positive Technologies
added 2026/04/30 12:0 a.m. | 1 view

PT-2026-36103

Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent URIs, an attacker can exhaust critical system resources, including file descriptors and memory...

CVSS 7.5 | AI score 5.4 | EPSS 0.00054
Exploits: 2 | References: 3

RedhatCVE
added 2025/09/25 2:53 a.m. | 1 view

CVE-2025-58473

An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions of the Click...

CVSS 8.2 | AI score 6.9 | EPSS 0.00087
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/23 12:0 a.m. | 1 view

PT-2025-39224

Name of the Vulnerable Software and Affected Versions: Click Plus C2-03CPU-2 version 3.60. Description: An improper resource shutdown or release issue exists in the Click Plus C2-03CPU-2 device. An unauthenticated attacker can cause a denial-of-service by exhausting all available device sessions of...

CVSS 8.2 | AI score 6.6 | EPSS 0.00087
Exploits: 0 | References: 5

CNNVD
added 2025/01/14 12:0 a.m. | 1 view

Fortinet FortiSIEM security vulnerability

Fortinet FortiSIEM is a security information and event management system from Fortinet. The system includes features such as asset discovery, workflow automation, and unified management. A security vulnerability exists in Fortinet FortiSIEM that stems from the inclusion of a resource allocation...

CVSS 7.5 | AI score 6.4 | EPSS 0.00638
Exploits: 0 | References: 1

NVD
added 2024/04/09 7:15 p.m. | 9 views

CVE-2023-6777

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 9.0.34 due to the plugin adding the API key to several plugin files. This makes it possible for unauthenticated attackers to obtain the developer's...

CVSS 6.5 | AI score 5.2 | EPSS 0.02631
Exploits: 0 | References: 2

OSV
added 2023/07/28 3:36 p.m. | 14 views

GHSA-68P4-95XF-7GX8 Denial of service from large image

Impact: A high-privileged user could create a Package referencing an arbitrarily large image containing that Crossplane would then parse, possibly resulting in exhausting all the available memory and therefore in the container being OOMKilled. The impact is low due to the high privileges required...

CVSS 3.4 | AI score 3.5 | EPSS 0.00088
Exploits: 1 | References: 4

The Hacker News
added 2023/04/03 11:20 a.m. | 39 views

"It's The Service Accounts, Stupid": Why Do PAM Deployments Take (almost) Forever To Complete?

Privileged Access Management (PAM) solutions are regarded as the common practice to prevent identity threats to administrative accounts. In theory, the PAM concept makes absolute sense: place admin credentials in a vault, rotate their passwords, and closely monitor their sessions. However, the hars...

AI score 7.1
Exploits: 0

Huntr
added 2021/09/20 6:33 a.m. | 16 views

Inefficient Regular Expression Complexity in josdejong/jsoneditor

✍️ Description: The jsoneditor package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted element as input to the getInnerText function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex...

CVSS 5 | AI score 0.6 | EPSS 0.00334
Exploits: 1

Huntr
added 2021/09/19 10:44 a.m. | 21 views

Inefficient Regular Expression Complexity in pksunkara/inflect

✍️ Description: The inflect package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted tablename as input to the classify function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex. 🕵️‍♂️...

CVSS 5 | AI score 1.2 | EPSS 0.0028
Exploits: 1

Debian CVE
added 2020/06/19 9:51 p.m. | 19 views

CVE-2020-13273

Removed by vendor...

CVSS 7.8 | AI score 7.1 | EPSS 0.00192
Exploits: 0

Schneier on Security
added 2020/02/06 12:14 p.m. | 28 views

A New Clue for the Kryptos Sculpture

Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he's getting tired of waiting. Did we mention Mr. Sanborn is 74? Holding on to one of the world's most enticing secrets can be stressful. Some would-be codebreakers...

AI score 7
Exploits: 0

NVD
added 2018/03/13 3:29 p.m. | 10 views

CVE-2018-1000090

Textpattern version 4.6.2 contains an XML Injection vulnerability in the Import XML feature that can result in denial of service in the context of the web server by exhausting server memory resources. This attack appears to be exploitable via uploading a specially crafted XML file...

CVSS 7.8 | AI score 7.6 | EPSS 0.00219
Exploits: 1 | References: 1

Prion
added 2018/03/13 3:29 p.m. | 12 views

Design/Logic Flaw

Textpattern version 4.6.2 contains an XML Injection vulnerability in the Import XML feature that can result in denial of service in the context of the web server by exhausting server memory resources. This attack appears to be exploitable via uploading a specially crafted XML file...

CVSS 7.8 | AI score 7.6 | EPSS 0.00219
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/03/13 3:0 p.m. | 12 views

CVE-2018-1000090

Textpattern version 4.6.2 contains an XML Injection vulnerability in the Import XML feature that can result in denial of service in the context of the web server by exhausting server memory resources. This attack appears to be exploitable via uploading a specially crafted XML file...

AI score 7.6 | EPSS 0.00219
Exploits: 1 | References: 1

OSV
added 2017/10/19 8:29 a.m. | 1 view

CVE-2017-12293

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected software. An attacker could exploit this...

CVSS 8.6 | AI score 5.8
Exploits: 0 | References: 3

RedHat Linux
added 2016/04/05 10:20 p.m. | 2 views

tomcat: non-persistent DoS attack by feeding data by aborting an upload

It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and prevent further, legitimate connections to the Tomcat server from being made...

CVSS 7.8 | AI score 6.6 | EPSS 0.03099
Exploits: 0 | References: 7

seebug.org
added 2014/07/01 12:0 a.m. | 19 views

Menasoft SPHEREserver 0.99 Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4258/info Menasoft SPHEREserver .99 is an online role playing game server. It is vulnerable to a denial of service; multiple connections to the server can be made from a single machine, exhausting available connections an...

AI score 7.1
Exploits: 0

securityvulns
added 2007/01/18 12:0 a.m. | 77 views

Unauthorized file access via file stdio descriptors in multiple Unix systems

By exhausting all file descriptors and closing stderr, it's possible to cause a situation where the called application opens a new file with descriptor 2 and all stderr output is redirected to that file. On a few systems it's enough to close a standard descriptor...

CVSS 7.2 | AI score 2.5 | EPSS 0.00277
Exploits: 1 | References: 6 | Affected Software: 7