Lucene search
K

215 matches found

HashiCorp Security Advisories
HashiCorp Security Advisories
added 2025/08/28 8:23 p.m.5 views

Vault Denial of Service Though Complex JSON Payloads

Summary A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to becom...

7.5CVSS7AI score0.00697EPSS
Exploits0Affected Software1
Amazon
Amazon
added 2025/06/23 12:0 a.m.5 views

Important: mod_security

Issue Overview: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json,...

7.5CVSS6.7AI score0.0076EPSS
Exploits2
GithubExploit
GithubExploit
added 2025/06/12 7:59 p.m.282 views

Exploit for CVE-2025-5288

🚨 REST API | Custom API Generator For Cross Platform And Impor...

9.8CVSS7.3AI score0.00532EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2025/06/11 9:36 p.m.7 views

modsecurity: ModSecurity Has Possible DoS Vulnerability

A flaw was found in the modsecurity2 Apache2 module. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case. In stable released versions, when the payload's content type is application/json, at least one rule performs a sanitiseMatchedBytes action, a security...

7.5CVSS5.7AI score0.00586EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2025/05/25 1:14 p.m.617 views

Exploit for CVE-2025-0868

Penetration Testing Project Report: Exploiting CVE-2025-0868...

9.3CVSS8.3AI score0.15099EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/05/22 7:17 p.m.12 views

CVE-2021-23010

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...

7.5CVSS6.8AI score0.00961EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:51 p.m.14 views

CVE-2020-27196

An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...

7.5CVSS6.8AI score0.01386EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:25 p.m.5 views

CVE-2020-27718

When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process...

7.5CVSS6.9AI score0.01031EPSS
Exploits0
OSV
OSV
added 2025/05/21 10:15 p.m.5 views

AZL-62426 CVE-2025-47947 affecting package mod_security 2.9.7-8

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

7.5CVSS6.8AI score0.00586EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/21 10:8 p.m.4 views

CVE-2025-47947 ModSecurity Has Possible DoS Vulnerability

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content type is application/json, and there is at...

7.5CVSS7.4AI score0.00586EPSS
Exploits1References2
CVE
CVE
added 2025/05/21 10:8 p.m.145 views

CVE-2025-47947

CVE-2025-47947 affects ModSecurity up to v2.9.8, where a DoS can occur when the payload is application/json and a sanitiseMatchedBytes action is present. A patch was developed (pull request 3389) and is expected in v2.9.9; no public workarounds are listed. Related advisories confirm denial-of-ser...

7.5CVSS6.8AI score0.00586EPSS
Exploits1References2Affected Software1
FreeBSD
FreeBSD
added 2025/05/21 12:0 a.m.9 views

ModSecurity -- possible DoS vulnerability

[email protected] reports: ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case in stable released versions: when the payload's content...

7.5CVSS7.2AI score0.00586EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/05/06 11:49 p.m.401 views

Exploit for CVE-2025-1974

CVE-2025-1974IngressNightmare poc IngressNightmare Script...

9.8CVSS8.1AI score0.99098EPSS
Exploits20
RedhatCVE
RedhatCVE
added 2025/04/26 5:31 a.m.9 views

CVE-2025-28237

An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload...

8.8CVSS6.9AI score0.0033EPSS
Exploits0References1
NVD
NVD
added 2025/04/18 6:15 p.m.24 views

CVE-2025-28237

An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload...

8.8CVSS0.0033EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/18 12:0 a.m.7 views

CVE-2025-28237

An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload...

6.9AI score0.0033EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/18 12:0 a.m.18 views

CVE-2025-28237

An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload...

0.0033EPSS
Exploits0References1
CVE
CVE
added 2025/04/18 12:0 a.m.64 views

CVE-2025-28237

CVE-2025-28237 affects WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1. A crafted JSON payload allows authenticated attackers to escalate privileges (per CVSSv3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; base score 8.8). Connected sources indicate PoC exists; exploitation status is not unifor...

8.8CVSS7.1AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/22 1:4 p.m.6 views

CVE-2024-10955

A Regular Expression Denial of Service ReDoS vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r'+' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker c...

6.5CVSS6.8AI score0.00671EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:30 a.m.6 views

CVE-2024-8249

mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service DoS vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an...

7.5CVSS6.8AI score0.0064EPSS
Exploits1References1
Rows per page
Query Builder