CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

76 matches found

BIT-ELK-2026-33464 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to an internal Kibana API, causing the Kibana process to exhaust available...

6.5CVSS5.8AI score0.00042EPSS

Exploits0References2

RedhatCVE•added 5 days ago•5 views

CVE-2026-33464

6.5CVSS5.8AI score0.00042EPSS

Exploits0References1

NVD•added 6 days ago•11 views

CVE-2026-33464

6.5CVSS0.00042EPSS

Exploits0References1

ATTACKERKB•added 6 days ago•3 views

CVE-2026-33464

6.5CVSS5.8AI score0.00042EPSS

Exploits0References2Affected Software1

Cvelist•added 6 days ago•27 views

CVE-2026-33464 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

6.5CVSS0.00042EPSS

Exploits0References1

EUVD•added 6 days ago•6 views

EUVD-2026-33010

6.5CVSS5.8AI score0.00042EPSS

Exploits0References1

Vulnrichment•added 6 days ago•3 views

CVE-2026-33464 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

6.5CVSS5.8AI score0.00042EPSS

Exploits0References1

Elastic•added 6 days ago•8 views

Kibana 8.19.16, 9.3.5, 9.4.1 Security Update (ESA-2026-32)

Uncontrolled Resource Consumption in Kibana Leading to Denial of Service Uncontrolled Resource Consumption CWE-400 in Kibana can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to...

6.5CVSS5.7AI score0.00042EPSS

Exploits0

Positive Technologies•added 6 days ago•3 views

PT-2026-44491

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Uncontrolled Resource Consumption in Kibana can lead to a denial of service via Excessive Allocation. An authenticated user with a low-privileged role can submit a specially crafted, oversized...

6.5CVSS5.8AI score0.00042EPSS

Exploits0References4

CVE•added 2026/05/10 12:44 p.m.•9 views

CVE-2021-47944

The CVE-2021-47944 entry concerns memono Notepad 4.2, where a denial-of-service condition can be triggered by pasting excessively long character buffers into note fields. A payload of ~350,000 repeated characters pasted twice into a new note can crash the iOS version. The vulnerability is documen...

8.7CVSS5.8AI score0.00052EPSS

Exploits0References2

NVD•added 2026/05/05 8:16 p.m.•3 views

CVE-2026-34461

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGIDSBIEINIRUNSBIECTRL message is handled before normal sandbox and impersonation checks, and for non-sandbox...

7.8CVSS0.00006EPSS

Exploits0References1

EUVD•added 2026/05/05 7:28 p.m.•3 views

EUVD-2026-27461

7.3CVSS6.5AI score0.00006EPSS

Exploits0References1

Positive Technologies•added 2026/05/05 12:0 a.m.•3 views

PT-2026-37227

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus versions prior to 1.17.3 Description The SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID SBIE INI RUN SBIE CTRL message is processed before standard sandbox and impersonation checks. For callers not...

7.8CVSS6.5AI score0.00006EPSS

Exploits0References6

CVE•added 2026/05/01 2:15 p.m.•6 views

CVE-2026-43017

CVE-2026-43017 concerns the Linux kernel Bluetooth MGMT mesh path. It fixes missing validation of adv_data_len in mesh_send, which could allow out-of-bounds access in queued commands. The description and connected advisories indicate: affected software is the Linux kernel; root cause is failure t...

5.5CVSS5.8AI score0.00015EPSS

Exploits0References6Affected Software1

Cvelist•added 2026/04/26 1:19 p.m.•30 views

CVE-2018-25273 CrossFont 7.5 Denial of Service via License Key Field

CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an...

6.9CVSS0.00019EPSS

Exploits0References2

Vulnrichment•added 2026/04/26 1:19 p.m.•1 views

CVE-2018-25273 CrossFont 7.5 Denial of Service via License Key Field

6.9CVSS5.7AI score0.00019EPSS

Exploits0References2

Positive Technologies•added 2026/04/26 12:0 a.m.•1 views

PT-2026-35243

6.9CVSS5.7AI score0.00019EPSS

Exploits0References3

NVD•added 2026/04/12 1:16 p.m.•2 views

CVE-2019-25689

HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payload exceeding 997 bytes and paste it into the KEY CODE field in the Help Register dialog to trigge...

8.6CVSS0.00018EPSS

Exploits1References3

Snyk•added 2026/04/09 12:31 p.m.•1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /changes webhook endpoint. An attacker can exhaust system memory by sending an oversized JSON payload. Remediation Upgrade github.com/mattermost/mattermost-plugin-msteams/serv...

7.1CVSS5.8AI score0.00018EPSS

Exploits0References2

Snyk•added 2026/04/09 12:31 p.m.•2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /lifecycle webhook endpoint. An attacker can exhaust system memory and disrupt service availability by sending an oversized JSON payload. Remediation Upgrade...

6.5CVSS5.8AI score0.00018EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by