61 matches found

Cvelist
added yesterday | 21 views

CVE-2026-58465 Eclipse Wakaama CoAP Block1 Handler Unbounded Memory Allocation DoS

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...

CVSS 8.7
Exploits: 0 | References: 4

CVE
added 2026/06/20 6:27 p.m. | 23 views

CVE-2026-56346

CVE-2026-56346 affects AVideo up to version 25.0, with an authentication bypass in the decryptMessage.json.php endpoint that lets unauthenticated users decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to trigger server-side decryption without credentials...

CVSS 6.9 | AI score 5.9 | EPSS 0.00392
Exploits: 0 | References: 2

Cvelist
added 2026/06/08 2:12 p.m. | 39 views

CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM

Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...

CVSS 8.7 | EPSS 0.00381
Exploits: 0 | References: 3

Snyk
added 2026/05/22 5:42 p.m. | 7 views

Inefficient Algorithmic Complexity

Overview: github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by...

CVSS 7.5 | AI score 5.8 | EPSS 0.00248
Exploits: 0 | References: 3

Snyk
added 2026/03/20 8:49 p.m. | 3 views

Inadequate Encryption Strength

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of weak cryptographic key generation in the createKeys function. An attacker can gain unauthorized access to protecte...

CVSS 9.2 | AI score 5.8 | EPSS 0.00251
Exploits: 1 | References: 2

Cvelist
added 2026/02/25 11:07 p.m. | 28 views

CVE-2026-27633 TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS)

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...

CVSS 8.7 | EPSS 0.00436
Exploits: 0 | References: 3

Tenable Nessus
added 2026/01/20 12:00 a.m. | 5 views

MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-8686:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8686:01 advisory. - golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) - golang: net/http: memory exhaustion in...

CVSS 8.3 | AI score 7.8 | EPSS 0.01533
Exploits: 0 | References: 9

Tenable Nessus
added 2026/01/13 12:00 a.m. | 8 views

MiracleLinux 7 : openssh-7.4p1-23.0.3.0.1.el7.AXS7 (AXSA:2025-9844:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9844:01 advisory. CVE-2025-26465: fix vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled CVEs: CVE-2025-26465 A vulnerability was found in OpenSSH when the...

CVSS 6.8 | AI score 7 | EPSS 0.06997
Exploits: 4 | References: 2

RedhatCVE
added 2026/01/09 12:37 p.m. | 8 views

CVE-2023-50247

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...

CVSS 7.5 | AI score 6.8 | EPSS 0.00857
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/07 12:00 a.m. | 0 views

EulerOS 2.0 SP9 : openssh (EulerOS-SA-2026-1015)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent...

CVSS 6.8 | AI score 6.8 | EPSS 0.06997
Exploits: 4 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2010-2252

Malware in sbrugna...

CVSS 7.2 | AI score 6.3 | EPSS 0.00716
Exploits: 1 | References: 32

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2021-12932

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.00381
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2023-2242

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.01084
Exploits: 1 | References: 11

Snyk
added 2025/09/15 4:43 p.m. | 5 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can exhaust CPU resources and render the application or system unresponsive by submitting a large, specially crafted data payload. Details: Serialization is a...

CVSS 8.7 | AI score 6.7 | EPSS 0.0059
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/05 12:00 a.m. | 6 views

PT-2025-36337

Name of the Vulnerable Software and Affected Versions: fs2 versions 3.12.2 and lower; fs2 versions 3.13.0-M1 through 3.13.0-M6. Description: fs2, a compositional, streaming I/O library for Scala, is susceptible to denial of service attacks through TLS sessions when using fs2-io on the JVM with the...

CVSS 5.3 | AI score 6.3 | EPSS 0.00398
Exploits: 0 | References: 13

Tenable Nessus
added 2025/08/22 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-2253

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the /v2/catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned query...

CVSS 6.5 | AI score 7.2 | EPSS 0.00938
Exploits: 0 | References: 2

Tenable Nessus
added 2025/07/12 12:00 a.m. | 4 views

Azure Linux 3.0 Security Update: bind (CVE-2024-11187)

The version of bind installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-11187 advisory. - It is possible to construct a zone such that some queries to it will generate responses containing numerous...

CVSS 7.5 | AI score 7 | EPSS 0.14614
Exploits: 0 | References: 2

GithubExploit
added 2025/06/23 1:00 p.m. | 1063 views

Exploit for Allocation of Resources Without Limits or Throttling in Openbsd Openssh

CVE-2025-26466 Metasploit module OpenSSH versions 9.5p1 to...

CVSS 6.8 | AI score 7 | EPSS 0.38474
Exploits: 5

RedhatCVE
added 2025/05/23 8:35 a.m. | 7 views

CVE-2024-0055

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi were vulnerable to file globbing, which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis...

CVSS 6.5 | AI score 6.8 | EPSS 0.00596
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:04 a.m. | 4 views

CVE-2024-46667

An allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections...

CVSS 7.5 | AI score 7 | EPSS 0.00572
Exploits: 0 | References: 1