6072 matches found
CVE-2026-44383 Hydro-Québec Le Circuit Electrique charging station backend Insufficient Session Expiration
Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...
EUVD-2026-42707
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. On all QFX10000 platforms in an EVPN-VxLAN scenario, if an...
CVE-2026-57020 Junos OS: QFX10000 Series: IPv6 multicast traffic received on non-IRB interfaces causes a multicast flood
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. On all QFX10000 platforms in an EVPN-VxLAN scenario, if an...
CVE-2026-57020
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. On all QFX10000 platforms in an EVPN-VxLAN scenario, if an...
CVE-2026-56811
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...
EUVD-2026-40357
Woodpecker before 3.15.0 registers the /api/orgs/lookup/orgfullname endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user user.ForgeID, via ForgeFromUser when selecting the forge to query. For an unauthenticated request session.User...
CVE-2026-58369 Woodpecker < 3.15.0 - Unauthenticated NULL Pointer Dereference in /api/orgs/lookup Enables Log-Flooding Denial of Service
Woodpecker before 3.15.0 registers the /api/orgs/lookup/orgfullname endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user user.ForgeID, via ForgeFromUser when selecting the forge to query. For an unauthenticated request session.User...
CVE-2026-58369
Woodpecker
PT-2026-53927
Name of the Vulnerable Software and Affected Versions Woodpecker versions prior to 3.15.0 Description The software registers the '/api/orgs/lookup/org full name' endpoint without authentication middleware. The LookupOrg handler unconditionally dereferences the session user user.ForgeID via...
CVE-2026-12549
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...
EUVD-2026-38279
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...
CVE-2026-12549
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...
Linux Distros Unpatched Vulnerability : CVE-2026-12549
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sen...
EUVD-2026-38171
Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/ endpoint that allows unauthenticated attackers to trigger consistent 500 errors. Remote attackers can send OPTIONS requests to bypass authentication middleware and invoke tusProxy logic with invalid...
CVE-2026-8806
The CVE-2026-8806 entry concerns Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module (FX5-ENET/IP), with all versions affected. The vulnerability is described as an Expected Behavior Violation that could allow a remote attacker to cause a DoS by flooding the Ethernet port with a hi...
CVE-2026-12151
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...
Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to the Ethernet port of the product in a short period of time,...
CVE-2024-24769 Vantage6: No limit on emails sent for password/MFA reset
vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a l...
389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)
A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...
CVE-2026-5233
Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...