Lucene search
K

773 matches found

OSV
OSV
added 2 days ago3 views

BIT-ELASTICSEARCH-2026-49090 Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process request...

6.5CVSS6AI score0.00251EPSS
Exploits0References2
IBM AIX
IBM AIX
added 5 days ago6 views

Multiple vulnerabilities impact AIX due to ISC BIND (CVE-2025-13878 CVE-2026-1519 CVE-2026-3592 CVE-2026-5946 CVE-2026-5950)

IBM SECURITY ADVISORY First Issued: Fri Jul 3 04:02:10 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory30.asc Security Bulletin: Multiple vulnerabilities impact AIX due to ISC BIND CVE-2025-13878, CVE-2026-1519,...

7.5CVSS7AI score0.08219EPSS
Exploits1
NVD
NVD
added last week6 views

CVE-2026-49090

Uncontrolled Resource Consumption CWE-400 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process request...

6.5CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:15 p.m.16 views

CVE-2026-49090

CVE-2026-49090 affects Elasticsearch and is caused by Uncontrolled Resource Consumption (CWE-400) via the bulk API, where an authenticated user can submit specially crafted bulk requests that trigger sustained high CPU and can render a node unresponsive. The issue is publicly discussed in Elastic...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in exiv2

In Jp2Image::readMetadata in jp2image.cpp in Exiv2 0.27.2, an input file may lead to an infinite loop and system hangs, accompanied by high CPU consumption. Remote attackers could exploit this vulnerability to cause a denial of service by using a specially crafted file...

7.8CVSS6.8AI score0.04296EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in bind9

The DNS message parsing code in named includes a section whose computational complexity is excessively high. This does not cause problems for typical DNS traffic, but crafted queries and responses may lead to excessive CPU load on the affected named instance by exploiting this flaw. This issue...

7.5CVSS6.7AI score0.01327EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 2:17 p.m.11 views

CVE-2026-54417

An integer overflow in the mtarnext function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service uncontrolled CPU consumption / infinite loop via a crafted tar archive. mtarnext computes the offset to the next record as rounduph.size, 512 +...

8.7CVSS0.00417EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.14 views

PT-2026-49583

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description A Denial of Service DoS issue exists in the @angular/common package. The formatDate function, also used by the standard DatePipe,...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References7
OSV
OSV
added 2026/06/12 9:51 p.m.8 views

GHSA-W5FM-68J4-FPC4 File Browser has a DoS Vulnerability via Public Login API

Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...

8.7CVSS5.3AI score0.00484EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/12 9:51 p.m.14 views

File Browser has a DoS Vulnerability via Public Login API

Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...

6.5CVSS5.3AI score0.00484EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2026/06/09 4:5 p.m.36 views

CVE-2026-49955 Hermes WebUI < 0.51.270 Resource Exhaustion via passkey/options

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...

6.9CVSS0.00586EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47853

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...

6.9CVSS5.5AI score0.00586EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.11 views

CVE-2026-8202

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

6.5CVSS5.4AI score0.00263EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.11 views

SUSE CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

6.5CVSS5.8AI score0.0056EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/04 2:23 a.m.11 views

SUSE CVE-2026-45680

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the...

7.5CVSS5.7AI score0.00319EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:36 a.m.17 views

SUSE CVE-2024-27355

An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service CPU consumption for decodeOID...

7.5CVSS7AI score0.00569EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.21 views

Linux Distros Unpatched Vulnerability : CVE-2026-42504

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU. CVE-2026-42504 Note that Nessus relies on the presen...

7.5CVSS5.5AI score0.0056EPSS
Exploits0References3
NVD
NVD
added 2026/06/02 10:16 p.m.13 views

CVE-2024-14036

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...

8.7CVSS0.00284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:1 p.m.9 views

CVE-2026-42504

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

5.8AI score0.0056EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/02 10:1 p.m.95 views

CVE-2026-42504

CVE-2026-42504 affects the WordDecoder.DecodeHeader function in the mime package, where decoding a malicious MIME header with many invalid encoded-words leads to quadratic time complexity and potential high CPU usage. Public descriptions identify the root cause as quadratic complexity in that dec...

7.5CVSS5.8AI score0.0056EPSS
Exploits0References4
Rows per page
Query Builder