Lucene search
K

182 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-24012

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

7.5CVSS0.00546EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-41856

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

7.5CVSS6AI score0.00546EPSS
Exploits0References1
NVD
NVD
added 2026/07/03 6:16 p.m.10 views

CVE-2026-14631

webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught...

5.3CVSS0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 11:42 a.m.7 views

EUVD-2026-40947

@fastify/middie versions 9.1.0 through 9.3.2 fail to guard the URL normalization step used by the standalone engine when incoming request paths contain malformed percent-encoded sequences. Inputs such as an incomplete percent escape or a truncated multibyte sequence cause the underlying decoder t...

7.5CVSS5.8AI score0.00291EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54638

Name of the Vulnerable Software and Affected Versions @fastify/middie versions 9.1.0 through 9.3.2 Description An issue exists in the standalone engine's URL normalization and decoding process where malformed percent-encoded sequences in incoming request paths are not properly guarded...

7.5CVSS5.8AI score0.00291EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/15 9:55 p.m.10 views

EUVD-2026-37012

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...

8.7CVSS5.3AI score0.00344EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 11:47 p.m.25 views

CVE-2026-46543

CVE-2026-46543 (Nimiq blockchain) affects the Rust implementation

5.3CVSS5.5AI score0.00291EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.12 views

CVE-2026-7768

@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...

7.5CVSS5.5AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41584

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...

9.2CVSS5.3AI score0.00268EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 4:42 p.m.7 views

GHSA-RM5C-5X2P-48WR Klever-Go KVM: Unauthenticated remote node crash (nil-pointer DoS) in klever-go P2P transaction interceptor (txVersionChecker nil RawData) - potential chain halt

Summary Every transaction gossiped on the klever-go P2P network is decoded and validated synchronously inside the libp2p pubsub topic-validator callback. The validator txVersionChecker.CheckTxVersion dereferences tx.RawData.Version with no nil check. A protobuf Transaction whose embedded RawData...

7.5CVSS5.5AI score0.00058EPSS
Exploits0References3
Veracode
Veracode
added 2026/05/23 5:8 a.m.14 views

Denial Of Service (DoS)

@libp2p/gossipsub is vulnerable to Denial of Service DoS. The vulnerability is due to missing limits on subscription entries, unbounded topic handling, and failure to clean up empty topic sets, which allows an attacker to exhaust Node.js heap memory and crash the process through crafted...

7.5CVSS5.5AI score0.00278EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.12 views

PT-2026-42672

Name of the Vulnerable Software and Affected Versions core-rs-albatross affected versions not specified Description A remote, unauthenticated denial-of-service issue exists in the MerkleRadixTrie::put chunk function. A malicious state-sync peer can cause a node to crash by responding to a...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.15 views

PT-2026-42671

Name of the Vulnerable Software and Affected Versions Nimiq versions prior to 1.5.0 Description A remote peer can cause a full node to crash by sending a RequestBatchSet message that includes the hash of the genesis block. This occurs because the handler invokes the get epoch chunks function, whi...

5.3CVSS5.5AI score0.00291EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/20 9:16 p.m.45 views

CVE-2026-40092 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...

7.5CVSS0.00626EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/20 9:16 p.m.9 views

CVE-2026-40092

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...

7.5CVSS5.9AI score0.00626EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.15 views

Nimiq 安全漏洞

Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq 1.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from malicious network peer nodes publishing specially crafted Kademlia DHT records where the length of the signature field is...

7.5CVSS5.8AI score0.00626EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 4:31 p.m.13 views

GHSA-27W2-87XV-37C6 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches...

7.5CVSS6AI score0.00626EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/15 4:31 p.m.12 views

nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches...

7.5CVSS6AI score0.00626EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.14 views

PT-2026-41387

Name of the Vulnerable Software and Affected Versions nimiq-blockchain versions prior to 1.4.0 Description A malicious network peer can crash a Nimiq full node by publishing a crafted Kademlia DHT record. The record contains a TaggedSigned with a signature field whose byte length is not exactly 6...

7.5CVSS5.9AI score0.00626EPSS
Exploits0References7
NVD
NVD
added 2026/05/08 3:16 p.m.11 views

CVE-2026-41585

ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the...

6.9CVSS0.00257EPSS
Exploits0References1
Rows per page
Query Builder