Lucene search
+L

12 matches found

ptsecurity
ptsecurity
added 2026/03/26 12:0 a.m.11 views

PT-2026-28471

Name of the Vulnerable Software and Affected Versions Tandoor Recipes versions prior to 2.6.0 Description Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions prior to 2.6.0 configure Django REST Framework with BasicAuthentication as a...

9.1CVSS5.9AI score0.00513EPSS
Exploits1References7
cnnvd
cnnvd
added 2026/03/23 12:0 a.m.10 views

Nexxt Solutions Nebula 300+ 安全漏洞

The Nexxt Solutions Nebula 300+ is a wireless router produced by the Nexxt Solutions company in the United States. Versions of the Nebula 300+ with the software version 12.01.01.37 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of rate limits on the...

9.8CVSS5.8AI score0.00333EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/02/04 12:0 a.m.7 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of credit limits for TX operations, potentially leading to memory exhaustion...

5.5CVSS5.8AI score0.00142EPSS
Exploits0References4
snyk
snyk
added 2026/01/19 7:48 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to no visible rate limits or monitoring. An attacker can exhaust system resources by opening a large number of connections and transmitting excessive data through the websockets...

8.3CVSS5.6AI score0.00251EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/01/19 7:17 p.m.4 views

CVE-2025-69199 Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...

8.3CVSS5.5AI score0.00251EPSS
Exploits0References1
cvelist
cvelist
added 2026/01/19 7:17 p.m.21 views

CVE-2025-69199 Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these...

8.3CVSS0.00251EPSS
Exploits0References1
mscve
mscve
added 2026/01/10 9:3 a.m.6 views

CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

...

8.7CVSS5.3AI score0.00412EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/01/08 3:33 p.m.4 views

CVE-2025-68151 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

8.7CVSS6.8AI score0.00412EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/03/01 5:20 p.m.9 views

CVE-2025-27157

Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 a...

5.3CVSS6.8AI score0.00338EPSS
Exploits0References1
osv
osv
added 2025/02/27 5:12 p.m.5 views

CVE-2025-27157 Mastodon's rate-limits are missing on `/auth/setup`

Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary addresses. Versions 4.2.16 a...

5.3CVSS6.8AI score0.00338EPSS
Exploits0References4
attackerkb
attackerkb
added 2023/10/23 9:15 p.m.3 views

CVE-2023-27152

DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication...

9.8CVSS7.2AI score0.00889EPSS
Exploits1References2
osv
osv
added 2021/08/27 7:15 p.m.5 views

ALPINE-CVE-2021-28700

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured...

4.9CVSS6.9AI score0.0187EPSS
Exploits0References1
Rows per page
Query Builder