Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50582

Name of the Vulnerable Software and Affected Versions Drupal Formatter Field versions 0.0.0 through 2.0.0 Description Improperly controlled modification of dynamically-determined object attributes in the Formatter Field module allows for Object Injection. This occurs because the module stores dat...

6.1AI score0.00386EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/25 10:31 p.m.7 views

zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service

Summary All rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing throttling that degrades service for that entity — and potentially co-located entities in...

5.3CVSS5.4AI score0.00228EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/02/25 2:56 p.m.33 views

CVE-2026-27695 zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service

zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing...

4.3CVSS0.00228EPSS
Exploits0References2
CVE
CVE
added 2026/02/25 2:56 p.m.21 views

CVE-2026-27695

The CVE concerns the zae-limiter rate limiter library. Prior to version 0.10.1 , all rate limit buckets for a single entity shared the DynamoDB partition key (namespace/ENTITY#{id}), which can cause throttling under high throughput and potentially affect co-located entities. The issue is fixed in...

5.3CVSS5.5AI score0.00228EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder