EUVD-2026-31119

Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7...

CVE-2026-34045 Podman Desktop WebView Server Exposed

Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to lack of limits for decoded HTTP3 headers. An attacker can cause excessive memory allocation by sending a specially crafted QPACK-encoded HEADERS frame that expands into a large...

CVE-2025-66473

XWiki's REST API fails to enforce a limit on the number of items returned in a single request. Affected versions include 16.10.10 and earlier, 17.0.0-rc-1 through 17.4.3, and 17.5.0-rc-1 through 17.6.0. The issue can cause slowness or unavailability on large wikis, depending on wiki size and memo...

Hotdog 安全漏洞

Hotdog is a set of OCI hooks for injecting Log4j Hot Patch into containers. A resource management error vulnerability exists in Hotdog versions prior to v1.0.2, which arises from an application that does not effectively perform resource limiting, device limiting, or syscall filters on the target...

netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data

A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service...