61 matches found
CVE-2026-58465 Eclipse Wakaama CoAP Block1 Handler Unbounded Memory Allocation DoS
Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...
CVE-2026-56346
CVE-2026-56346 affects AVideo up to version 25.0, with an authentication bypass in the decryptMessage.json.php endpoint that lets unauthenticated users decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to trigger server-side decryption without credentials...
CVE-2026-43974 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM
Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...
Inefficient Algorithmic Complexity
Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by...
Inadequate Encryption Strength
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of weak cryptographic key generation in the createKeys function. An attacker can gain unauthorized access to protecte...
CVE-2026-27633 TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS)
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service DoS vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...
MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-8686:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8686:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...
MiracleLinux 7 : openssh-7.4p1-23.0.3.0.1.el7.AXS7 (AXSA:2025-9844:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9844:01 advisory. CVE-2025-26465: fix vulnerability in OpenSSH when the VerifyHostKeyDNS option is enabled CVEs: CVE-2025-26465 A vulnerability was found in OpenSSH when the...
CVE-2023-50247
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack quicly, as used by H2O up to commit 43f86e5 in version 2.3.0-beta and prior, is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressivel...
EulerOS 2.0 SP9 : openssh (EulerOS-SA-2026-1015)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent...
EUVD-2010-2252
Malware in sbrugna...
EUVD-2021-12932
Malware in sbrugna...
EUVD-2023-2242
Malicious code in bioql PyPI...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can exhaust CPU resources and render the application or system unresponsive by submitting a large, specially crafted data payload. Details Serialization is a...
PT-2025-36337
Name of the Vulnerable Software and Affected Versions: fs2 versions 3.12.2 and lower fs2 versions 3.13.0-M1 through 3.13.0-M6 Description: fs2, a compositional, streaming I/O library for Scala, is susceptible to denial of service attacks through TLS sessions when using fs2-io on the JVM with the...
Linux Distros Unpatched Vulnerability : CVE-2023-2253
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the /v2/catalog endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned query...
Azure Linux 3.0 Security Update: bind (CVE-2024-11187)
The version of bind installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-11187 advisory. - It is possible to construct a zone such that some queries to it will generate responses containing numerous...
Exploit for Allocation of Resources Without Limits or Throttling in Openbsd Openssh
CVE-2025-26466 Metasploit module OpenSSH versions 9.5p1 to...
CVE-2024-0055
Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis...
CVE-2024-46667
A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections...