3231 matches found
CVE-2026-58369
Woodpecker before 3.15.0 registers the /api/orgs/lookup/orgfullname endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user user.ForgeID, via ForgeFromUser when selecting the forge to query. For an unauthenticated request session.User...
CVE-2026-12549 Libsoup: incomplete fix for cve-2026-2443: range suffix overflow in libsoup soupserver
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the QUIC stack, when flooded with PATHCHALLENGE frames. A malicious remote peer can exhaust heap memory and terminate a QUIC client or server. Remediation A fix was pushed into the...
CVE-2026-50225
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
CVE-2026-50225 Account Creation Exhaustion
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
CVE-2026-50225
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
PT-2026-46177
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The registration endpoint '/v1/account/register' lacks bot mitigation mechanisms. This allows malicious automated systems to perform account creation exhaustion,...
UBUNTU-CVE-2026-43491
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...
CVE-2026-22925
A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets This could allow an attacker to render the service unavailable and cause denial-of-service conditions by...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the unbounded bundleCache in ResourceBundleMessageSource. An attacker can cause memory exhaustion and degrade service availability by sending numerous HTTP requests with uniqu...
RHCOS 3 : OpenShift Container Platform 3.10 (RHSA-2019:2690)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2690 advisory. - HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9512 - HTTP/2: flood using HEADERS frames results in...
CVE-2025-51846
CVE-2025-51846 affects CryptPad 2025.3.1, where an unbounded WebSocket frame flood allows a remote, unauthenticated attacker to significantly degrade or deny service for all users of a CryptPad instance. The advisory states the issue is fixed in 2026.2.2. CVSS metrics from the connected CVE recor...
CVE-2026-33596
CVE-2026-33596 describes a vulnerability in PowerDNS DNSdist where a client could, in theory, cause a mismatch between queries sent to a backend and the responses by flooding with perfectly timed queries that are routed to a TCP-only or DNS over TLS backend. The issue is limited to the transport-...
PowerDNS DNSdist 输入验证错误漏洞
PowerDNS DNSdist is a proxy software provided by PowerDNS, which offers capabilities for DNS traffic load balancing and security protection. PowerDNS DNSdist has a vulnerability related to input validation errors. This vulnerability arises when clients may send a large number of precisely timed...
CVE-2026-2405
CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests...
CVE-2026-2405
CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests...
Budibase 安全漏洞
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.23.25 contained security vulnerabilities. These vulnerabilities stemmed from the lack...
Suricata 安全漏洞
Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Versions of Suricata prior to 7.0.15 and 8.0.4 contained security vulnerabilities. These vulnerabilities were caused by the flooding of specially crafted HTTP2 continuation frames, which could le...
CVE-2024-53828
Ericsson Packet Core Controller PCC versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...
PT-2026-25553
arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulti...