CVE-2026-50225

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...

CVE-2026-50225 Account Creation Exhaustion

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...

CVE-2026-50225

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...

PT-2026-46177

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...

UBUNTU-CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

CVE-2026-22925

A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application is susceptible to resource exhaustion when subjected to high volume of TCP SYN packets This could allow an attacker to render the service unavailable and cause denial-of-service conditions by...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the unbounded bundleCache in ResourceBundleMessageSource. An attacker can cause memory exhaustion and degrade service availability by sending numerous HTTP requests with uniqu...

RHCOS 3 : OpenShift Container Platform 3.10 (RHSA-2019:2690)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2690 advisory. - HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9512 - HTTP/2: flood using HEADERS frames results in...

CVE-2025-51846

CVE-2025-51846 affects CryptPad 2025.3.1, where an unbounded WebSocket frame flood allows a remote, unauthenticated attacker to significantly degrade or deny service for all users of a CryptPad instance. The advisory states the issue is fixed in 2026.2.2. CVSS metrics from the connected CVE recor...

CVE-2026-33596

CVE-2026-33596 describes a vulnerability in PowerDNS DNSdist where a client could, in theory, cause a mismatch between queries sent to a backend and the responses by flooding with perfectly timed queries that are routed to a TCP-only or DNS over TLS backend. The issue is limited to the transport-...

PowerDNS DNSdist 输入验证错误漏洞

PowerDNS DNSdist is a proxy software provided by PowerDNS, which offers capabilities for DNS traffic load balancing and security protection. PowerDNS DNSdist has a vulnerability related to input validation errors. This vulnerability arises when clients may send a large number of precisely timed...

CVE-2026-2405

CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests...

CVE-2026-2405

CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests...

Budibase 安全漏洞

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.23.25 contained security vulnerabilities. These vulnerabilities stemmed from the lack...

Suricata 安全漏洞

Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Versions of Suricata prior to 7.0.15 and 8.0.4 contained security vulnerabilities. These vulnerabilities were caused by the flooding of specially crafted HTTP2 continuation frames, which could le...

CVE-2024-53828

Ericsson Packet Core Controller PCC versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

PT-2026-25553

arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulti...

BIT-GITLAB-2025-8099 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries...

UBUNTU-CVE-2026-26076

ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...

CVE-2025-15542

Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing a denial of service on incoming calls...