Lucene search
+L

1095 matches found

attackerkb
attackerkb
added 2026/05/16 3:26 p.m.10 views

CVE-2021-47971

My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/05/16 3:26 p.m.11 views

EUVD-2021-34826

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/16 12:0 a.m.17 views

PT-2026-41458

Name of the Vulnerable Software and Affected Versions Sticky Notes & Color Widgets version 1.4.2 Description A denial of service issue allows attackers to crash the application by creating notes with excessively long character strings. By pasting large payloads of repeated characters into note...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/05/14 4:7 p.m.15 views

CVE-2025-62313 HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced.

HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/14 4:7 p.m.10 views

CVE-2025-62313

HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2026/05/14 12:0 a.m.10 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the lack of adequate brute-force attack protection measures. This vulnerability may lead to repeated authentication attempts, potentially resulting in...

5.4CVSS5.8AI score0.00175EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/13 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the luoretrievefile function. When retrieval fails, this function does not record the attempt...

5.8AI score0.00102EPSS
Exploits0References1
nvd
nvd
added 2026/05/05 12:16 p.m.29 views

CVE-2023-54347

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...

8.7CVSS0.00537EPSS
Exploits1References4
cvelist
cvelist
added 2026/05/05 11:24 a.m.37 views

CVE-2023-54347 OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...

8.7CVSS0.00537EPSS
Exploits1References4
cve
cve
added 2026/04/27 12:0 a.m.18 views

CVE-2026-35901

The CVE-2026-35901 describes a handling issue in the RTSP service of Mercury MIPC252W (1.0.5 Build 230306 Rel.79931n). An authenticated attacker can trigger a denial-of-service by repeatedly sending SETUP requests for the same media track within a single RTSP session, causing the RTSP connection ...

4.4CVSS5.3AI score0.00247EPSS
Exploits1References1Affected Software1
attackerkb
attackerkb
added 2026/04/27 12:0 a.m.2 views

CVE-2026-35901

A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connectio...

4.4CVSS5.2AI score0.00247EPSS
Exploits1References2
cvelist
cvelist
added 2026/04/27 12:0 a.m.39 views

CVE-2026-35902

The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication...

0.00178EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/04/24 12:0 a.m.13 views

PT-2026-43159

Name of the Vulnerable Software and Affected Versions Perl versions prior to 5.43.11 Description A heap buffer overflow occurs on 32-bit builds when compiling regular expressions containing a repeated fixed string. The issue resides in the Perl study chunk function within regcomp study.c, which...

10CVSS6AI score0.00398EPSS
Exploits1References27
snyk
snyk
added 2026/04/22 5:6 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview github.com/free5gc/pcf/internal/sbi/processor is a None Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. via repeated HTTP requests to the OAM endpoint, which trigger the router.Use process. An attacker can exhaust system memory an...

8.7CVSS5.8AI score0.00515EPSS
Exploits1References2
opensuse
opensuse
added 2026/04/21 12:0 a.m.7 views

Security update for cockpit (important)

openSUSE security update: security update for cockpit ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20504-1 Rating: important References: bsc1257836 bsc1258641 Cross-References: CVE-2026-25547 CVE-2026-26996 CVSS scores: CVE-2026-25547 SUSE : 7.5...

8.7CVSS5.7AI score0.00519EPSS
Exploits1References2
cvelist
cvelist
added 2026/04/17 9:42 p.m.25 views

CVE-2026-40476 graphql-php: Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation

graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs On² pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU...

6.9CVSS0.00485EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/17 9:42 p.m.5 views

CVE-2026-40476

graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs On² pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU...

6.9CVSS5.8AI score0.00485EPSS
Exploits0References3Affected Software1
nessus
nessus
added 2026/04/17 12:0 a.m.7 views

Unity Linux 20.1070a Security Update: pcs (UTSA-2026-007275)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007275 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's...

7.5CVSS6.4AI score0.00403EPSS
Exploits0References4
osv
osv
added 2026/04/16 1:9 p.m.7 views

SUSE-SU-2026:21241-1 Security update for cockpit

This update for cockpit fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed ...

9.2CVSS7.3AI score0.00519EPSS
Exploits1References5
cve
cve
added 2026/04/16 5:54 a.m.38 views

CVE-2026-3861

Affected software: LINE client for iOS (versions prior to 26.3.0). Vulnerability details: In the in-app browser, opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially making the iOS device temporarily ino...

7.1CVSS5.3AI score0.00305EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder