2880 matches found
EUVD-2026-34091
daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayloadSize to Autobahn's WebSocketServerFactory. Because Autobahn defaults both values to 0 unlimited, an unauthenticated remote attacker could send arbitrarily large WebSocket messages or frames, causing excessive memory...
crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building
A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...
EUVD-2022-55996
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower with VG4.2 partially affected contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause denial-of-service condition...
PT-2026-46120
Impact The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling: - XML External Entity XXE attacks to read local files or cause denial of service - Decompression bombs zip bombs to exhaust memory and disk space - Unbounded archive extraction...
PT-2026-46127
Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enable local fetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block...
Revisiting Vul-RAG: Reproducibility and Replicability of RAG-Based Vulnerability Detection with Open-Weight Models
Large language models LLMs have shown strong potential for automated software vulnerability detection, particularly in retrieval-augmented generation RAG settings. However, for approaches relying on proprietary models and APIs, reproducibility and replicability remain largely unexplored, raising...
PT-2026-46105
Impact The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling: - XML External Entity XXE attacks to read local files or cause denial of service - Decompression bombs zip bombs to exhaust memory and disk space - Unbounded archive extraction...
Allocation of Resources Without Limits or Throttling
Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS...
CVE-2022-4992 Dräger Infinity M540 VG4.1.1 Spoofed Network Message Handling DoS/Tampering
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower with VG4.2 partially affected contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause denial-of-service condition...
CVE-2026-35202
Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...
CVE-2026-35202
Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...
EUVD-2026-34010
Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...
CVE-2026-35202 Pterodactyl has a database resource limit bypass via race condition in Client API
Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broke...
CVE-2026-35202
Summary of vulnerability (CVE-2026-35202) : Pterodactyl Panel’s Client API suffers a race-condition in the database resource limiter. The code path in DatabaseController.php attempts to lock database allocations with lockForUpdate(), but the Laravel call is a no-op (no terminal operation is sent)...
CVE-2019-25719
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attacke...
EUVD-2019-20156
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attacke...
CVE-2019-25719
Dräger Infinity Acute Care System and Standalone Infinity M540 monitors running VG4.1.1, VG4.0.3, and lower are affected by network message handling vulnerabilities. The issue allows network-adjacent attackers to spoof or tamper with data and to cause denial-of-service conditions. If an attacker ...
USN-8365-1: Dovecot vulnerabilities
It was discovered that Dovecot incorrectly treated some variable expansion pipelines as safe in authentication filters. An attacker could possibly use this issue to perform SQL or LDAP injection attacks. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-27851 It was discovered...
AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.
AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and...
The Intersection of Encryption and AI
As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section. Renowned technologist and author Bruce Schnei...