Lucene search
K

197 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-31984

A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...

8.7CVSS0.00274EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42534

A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...

8.7CVSS6AI score0.00274EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-51606

CVE-2026-51606 affects Tenda CP3 v3.0 with firmware v31.1.9.91. The RTSP service suffers improper input handling: when an oversized field value is sent, the device terminates the TCP connection with an RST and does not return any RFC 2326‑compliant error response. Affected items include the reque...

7.5CVSS6AI score0.00324EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper error handling in the pre-receive process when processing input with bufio.Scanner. An attacker can bypass branch-protection checks by submitting oversized input that triggers scanner errors...

9.8CVSS6AI score0.00472EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.7 views

CVE-2026-27780

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

9.8CVSS0.00472EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.4 views

CVE-2026-27780

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

6AI score0.00472EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.29 views

CVE-2026-27780

The CVE-2026-27780 issue affects Gitea versions before 1.26.0, where pre-receive hook input processing with bufio.Scanner may error without failing closed, allowing oversized input to bypass branch-protection checks. The root cause is improper handling of scanner errors in the pre-receive path. A...

9.8CVSS6AI score0.00472EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.16 views

PT-2026-55605

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.0 Description The software does not fail closed when encountering bufio.Scanner errors during the processing of pre-receive hook input. This behavior allows oversized input to bypass branch-protection checks...

9.8CVSS6AI score0.00472EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/25 5:17 p.m.38 views

CVE-2026-49839 jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow

jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...

7.1CVSS0.00165EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.31 views

CVE-2026-53182 wifi: nl80211: reject oversized EMA RNR lists

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject oversized EMA RNR lists nl80211parsernrelems stores the parsed element count in a u8-backed cfg80211rnrelems::cnt field and uses that count to size the flexible array allocation. Reject nested...

7.8CVSS0.00138EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.12 views

Kibana 8.x < 8.19.16 DoS (ESA-2026-39)

The version of Kibana installed on the remote host is 8.x prior to 8.19.16. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-39 advisory. - Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An...

6.5CVSS5.5AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 10:16 p.m.14 views

CVE-2018-25427

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

9.8CVSS0.00923EPSS
Exploits0References4
CVE
CVE
added 2026/06/01 9:0 p.m.21 views

CVE-2018-25427

CVE-2018-25427 pertains to Arm Whois 3.11, where a stack-based buffer overflow allows remote code execution by sending oversized input to the IP address or domain field. Input longer than 658 bytes with shellcode can overwrite the Structured Exception Handler, enabling command execution during pr...

9.8CVSS6.6AI score0.00923EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/01 9:0 p.m.45 views

CVE-2018-25427 Arm Whois 3.11 Buffer Overflow via SEH Overwrite

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

9.8CVSS0.00923EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/01 9:0 p.m.10 views

CVE-2018-25427 Arm Whois 3.11 Buffer Overflow via SEH Overwrite

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

9.8CVSS6.6AI score0.00923EPSS
Exploits0References4
OSV
OSV
added 2026/06/01 11:42 a.m.8 views

BIT-KIBANA-2026-49094 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 11:39 a.m.7 views

BIT-ELK-2026-49094 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.15 views

PT-2026-45618

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

9.8CVSS6.6AI score0.00923EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/30 2:55 p.m.22 views

EUVD-2018-21945

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes into the IP address or domain input field to trigger a denial of service condition...

6.9CVSS6AI score0.0014EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.11 views

CVE-2026-49094

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with viewer-level access can submit a request containing an oversized input value to an analytics collections management endpoint. Kibana will consume...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1
Rows per page
Query Builder