
3231 matches found

NVD
added 2 days ago | 7 views

CVE-2026-58369

Woodpecker before 3.15.0 registers the /api/orgs/lookup/orgfullname endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user (user.ForgeID, via ForgeFromUser) when selecting the forge to query. For an unauthenticated request session.User...

CVSS 6.9 | EPSS 0.00362 | Exploits 0 | References 4
Cvelist
added 2026/06/22 1:55 p.m. | 29 views

CVE-2026-12549 Libsoup: incomplete fix for CVE-2026-2443: range suffix overflow in libsoup SoupServer

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

CVSS 4.8 | EPSS 0.00317 | Exploits 0 | References 4
Snyk
added 2026/06/09 6:33 p.m. | 8 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the QUIC stack when flooded with PATH_CHALLENGE frames. A malicious remote peer can exhaust heap memory and terminate a QUIC client or server. Remediation: A fix was pushed into the...

CVSS 8.7 | AI score 5.4 | EPSS 0.00511 | Exploits 0 | References 2
NVD
added 2026/06/04 10:16 a.m. | 12 views

CVE-2026-50225

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...

CVSS 9.1 | EPSS 0.00243 | Exploits 0 | References 1
Cvelist
added 2026/06/04 9:29 a.m. | 39 views

CVE-2026-50225 Account Creation Exhaustion

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...

CVSS 8.8 | EPSS 0.00243 | Exploits 0 | References 1
ATTACKERKB
added 2026/06/04 9:29 a.m. | 5 views

CVE-2026-50225

The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...

CVSS 8.8 | AI score 5.8 | EPSS 0.00243 | Exploits 0 | References 2
Positive Technologies
added 2026/06/04 12:0 a.m. | 15 views

PT-2026-46177

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The registration endpoint '/v1/account/register' lacks bot mitigation mechanisms. This allows malicious automated systems to perform account creation exhaustion,...

CVSS 9.1 | AI score 5.4 | EPSS 0.00243 | Exploits 0 | References 4
OSV
added 2026/05/19 12:16 p.m. | 7 views

UBUNTU-CVE-2026-43491

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node. Current code does no bound checking on the number of servers added per node. A malicious client can flood NEWSERVER messages and exhaust memory. Fix this issue by...

CVSS 5.5 | AI score 5.7 | EPSS 0.00144 | Exploits 0 | References 10
NVD
added 2026/05/12 10:16 a.m. | 16 views

CVE-2026-22925

A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application is susceptible to resource exhaustion when subjected to a high volume of TCP SYN packets. This could allow an attacker to render the service unavailable and cause denial-of-service conditions by...

CVSS 8.7 | EPSS 0.00324 | Exploits 0 | References 1
Snyk
added 2026/05/06 7:57 p.m. | 8 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the unbounded bundleCache in ResourceBundleMessageSource. An attacker can cause memory exhaustion and degrade service availability by sending numerous HTTP requests with uniqu...

CVSS 6.3 | AI score 5.8 | EPSS 0.00209 | Exploits 0 | References 2
Tenable Nessus
added 2026/05/06 12:0 a.m. | 8 views

RHCOS 3 : OpenShift Container Platform 3.10 (RHSA-2019:2690)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2690 advisory. - HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9512 - HTTP/2: flood using HEADERS frames results in...

CVSS 8.1 | AI score 7 | EPSS 0.83433 | Exploits 1 | References 8
CVE
added 2026/04/30 4:35 p.m. | 14 views

CVE-2025-51846

CVE-2025-51846 affects CryptPad 2025.3.1, where an unbounded WebSocket frame flood allows a remote, unauthenticated attacker to significantly degrade or deny service for all users of a CryptPad instance. The advisory states the issue is fixed in 2026.2.2. CVSS metrics from the connected CVE recor...

CVSS 8.7 | AI score 5.2 | EPSS 0.00578 | Exploits 1 | References 4 | Affected Software 1
CVE
added 2026/04/22 1:47 p.m. | 20 views

CVE-2026-33596

CVE-2026-33596 describes a vulnerability in PowerDNS DNSdist where a client could, in theory, cause a mismatch between queries sent to a backend and the responses by flooding with perfectly timed queries that are routed to a TCP-only or DNS over TLS backend. The issue is limited to the transport-...

CVSS 6.5 | AI score 5.7 | EPSS 0.00169 | Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2026/04/22 12:0 a.m. | 12 views

PowerDNS DNSdist Input Validation Error Vulnerability

PowerDNS DNSdist is a proxy software provided by PowerDNS, which offers capabilities for DNS traffic load balancing and security protection. PowerDNS DNSdist has a vulnerability related to input validation errors. This vulnerability arises when clients may send a large number of precisely timed...

CVSS 6.5 | AI score 5.8 | EPSS 0.00169 | Exploits 0 | References 2
NVD
added 2026/04/14 4:16 p.m. | 2 views

CVE-2026-2405

CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests...

CVSS 6.5 | EPSS 0.00245 | Exploits 0 | References 1
Vulnrichment
added 2026/04/14 3:19 p.m. | 2 views

CVE-2026-2405

CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests...

CVSS 5.3 | AI score 5.8 | EPSS 0.00245 | Exploits 0 | References 1
CNNVD
added 2026/04/03 12:0 a.m. | 8 views

Budibase Security Vulnerability

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.23.25 contained security vulnerabilities. These vulnerabilities stemmed from the lack...

CVSS 7.5 | AI score 5.8 | EPSS 0.00297 | Exploits 0 | References 2
CNNVD
added 2026/04/02 12:0 a.m. | 8 views

Suricata Security Vulnerability

Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Versions of Suricata prior to 7.0.15 and 8.0.4 contained security vulnerabilities. These vulnerabilities were caused by the flooding of specially crafted HTTP2 continuation frames, which could le...

CVSS 7.5 | AI score 5.8 | EPSS 0.00272 | Exploits 0 | References 2
NVD
added 2026/04/01 10:16 a.m. | 4 views

CVE-2024-53828

Ericsson Packet Core Controller PCC versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

CVSS 5.3 | EPSS 0.00363 | Exploits 0 | References 1
Positive Technologies
added 2026/03/15 12:0 a.m. | 6 views

PT-2026-25553

arduino-TuyaOpen before version 1.2.1 contains a null pointer dereference vulnerability in the WiFiUDP component. An attacker on the same local area network can send a large volume of malicious UDP packets to cause memory exhaustion on the device, triggering a null pointer dereference and resulti...

CVSS 7.1 | AI score 5.8 | EPSS 0.00271 | Exploits 0 | References 6