13 matches found
I'm locked in!
Welcome to this week's edition of the Threat Source newsletter. I've struggled a lot over the last few years with balance. I want to follow the news closely, but at the same time, I want to block everything out for self-preservation. Add in the fact that I love history and I'm an empath, and you'...
CVE-2021-47865
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...
EUVD-2025-7062
Malicious code in bioql PyPI...
Denial Of Service (DoS)
Liferay Portal is vulnerable to Denial of Service (DoS). The vulnerability is due to missing or insufficient validation of GraphQL query depth and complexity, which allows attackers to craft overly complex queries that overwhelm the server...
CVE-2021-32722
GlobalNewFiles is a MediaWiki extension. Versions prior to 48be7adb70568e20e961ea1cb70904454a671b1d are affected by an uncontrolled resource consumption vulnerability. A large number of page moves within a short space of time could overwhelm database servers due to improper handling of load...
GHSA-79RP-V9RM-GXM8 FastChat Denial of Service vulnerability
A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...
CVE-2024-6893 Journyx Unauthenticated XML External Entities Injection
The "soapcgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources...
Lack of access control
Vulnerability details: The 'createReferralCode' function in the 'Referrals' contract allows any address to create a referral code. This could potentially lead to spam or misuse of the system. Impact: If an attacker is able to create a large number of referral codes, they could...
Cross site request forgery (csrf)
The GiveWP WordPress plugin before 2.21.3 does not have a CSRF check in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged-in admin DoS the web server via a CSRF attack as the plugin will try to retrieve data from the...
Reddit: Application level DOS at Login Page ( Accepts Long Password )
Application-level Denial of Service (DoS): It is an emerging class of security attacks on sites. They aim to overwhelm the site by flooding the server with requests that are disguised as legitimate users. The sudden increase in traffic shuts down machines and networks to make them unavailable to oth...
At 21 Tbps, reaching new levels of IPv6 traffic!
While setting a new record of 140 Tbps of peak traffic delivered on February 11th, Akamai reached another new milestone in the process: 21 Tbps of peak IPv6 traffic delivered! The global adoption of IPv6 is important to the future of the Internet and Akamai has been committed to helping move IPv6...
Bird Chat 1.61 - Denial of Service
No description provided by source. / Bird Chat 1.61 - Denial Of Service - Proof Of Concept Coded by: Donato Ferrante / import java.net.Socket; import java.net.InetAddress; import java.net.ConnectException; import java.net.SocketTimeoutException; import java.io.OutputStream; import...
Link Logger syslogd resource overwhelm DoS
Remote: yes Credit: Mike Cyr, aka h00die Vulnerable: 2.4.10.15 ddwrt version but more than likely all versions Discussion: Link Logger is a program for logging, analysis and reporting of router traffic so you can easily spot attacks and abuses on your network. By sending a ton of spoofed traffic,...