1095 matches found
CVE-2021-47971
My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an...
EUVD-2021-34826
Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the...
PT-2026-41458
Name of the Vulnerable Software and Affected Versions Sticky Notes & Color Widgets version 1.4.2 Description A denial of service issue allows attackers to crash the application by creating notes with excessively long character strings. By pasting large payloads of repeated characters into note...
CVE-2025-62313 HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced.
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...
CVE-2025-62313
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the lack of adequate brute-force attack protection measures. This vulnerability may lead to repeated authentication attempts, potentially resulting in...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the luoretrievefile function. When retrieval fails, this function does not record the attempt...
CVE-2023-54347
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...
CVE-2023-54347 OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass
OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...
CVE-2026-35901
The CVE-2026-35901 describes a handling issue in the RTSP service of Mercury MIPC252W (1.0.5 Build 230306 Rel.79931n). An authenticated attacker can trigger a denial-of-service by repeatedly sending SETUP requests for the same media track within a single RTSP session, causing the RTSP connection ...
CVE-2026-35901
A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connectio...
CVE-2026-35902
The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameters, an unauthenticated attacker can cause the RTSP service to enter a persistent authentication...
PT-2026-43159
Name of the Vulnerable Software and Affected Versions Perl versions prior to 5.43.11 Description A heap buffer overflow occurs on 32-bit builds when compiling regular expressions containing a repeated fixed string. The issue resides in the Perl study chunk function within regcomp study.c, which...
Allocation of Resources Without Limits or Throttling
Overview github.com/free5gc/pcf/internal/sbi/processor is a None Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. via repeated HTTP requests to the OAM endpoint, which trigger the router.Use process. An attacker can exhaust system memory an...
Security update for cockpit (important)
openSUSE security update: security update for cockpit ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20504-1 Rating: important References: bsc1257836 bsc1258641 Cross-References: CVE-2026-25547 CVE-2026-26996 CVSS scores: CVE-2026-25547 SUSE : 7.5...
CVE-2026-40476 graphql-php: Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation
graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs On² pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU...
CVE-2026-40476
graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs On² pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU...
Unity Linux 20.1070a Security Update: pcs (UTSA-2026-007275)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007275 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's...
SUSE-SU-2026:21241-1 Security update for cockpit
This update for cockpit fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed ...
CVE-2026-3861
Affected software: LINE client for iOS (versions prior to 26.3.0). Vulnerability details: In the in-app browser, opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially making the iOS device temporarily ino...