30 matches found
ROS-20260408-73-0033
A vulnerability in the dwc3 component of the Linux operating system kernel is related to excessive resource consumption in a loop. Exploitation of the vulnerability allows an attacker to cause a denial of service...
SUSE SLES15 / openSUSE 15 Security Update : python (SUSE-SU-2026:0774-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0774-1 advisory. This update for python fixes the following issue: - CVE-2024-7592: uncontrolled CPU resource consumption when in http.cookies module...
CVE-2025-41693
A low privileged remote attacker can use the ssh feature to execute commands directly after login. The process stays open and uses resources which leads to a reduced performance of the management functions. Switching functionality is not affected...
EUVD-2025-33898
A weakness has been identified in Tomofun Furbo 360 up to FB0035FW036. This vulnerability affects unknown code of the component File Upload. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did n...
PT-2025-41719
Name of the Vulnerable Software and Affected Versions: Tomofun Furbo 360 versions up to FB0035 FW 036. Description: A weakness exists in the File Upload component of Tomofun Furbo 360. This manipulation causes resource consumption and remote exploitation is possible. The vendor was contacted regardi...
EUVD-2025-24261
Malicious code in bioql PyPI...
EUVD-2025-29400
Malicious code in bioql PyPI...
EUVD-2022-42621
Malicious code in bioql PyPI...
Jenkins LTS < 2.516.3 / Jenkins weekly < 2.528 Multiple Vulnerabilities
According to its self-reported version number, the version of Jenkins running on the remote web server is Jenkins LTS prior to 2.516.3 or Jenkins weekly prior to 2.528. It is, therefore, affected by multiple vulnerabilities: - In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21,...
CVE-2025-5115 MadeYouReset HTTP/2 vulnerability
In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume...
Linux Distros Unpatched Vulnerability : CVE-2022-26498
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much...
CVE-2025-33090
CVE-2025-33090 describes a denial-of-service vulnerability in IBM Concert Software versions 1.0.0–1.1.0. A remote attacker can trigger excessive resource consumption by sending a specially crafted regular expression, exploiting an underlying regex processing weakness. Public sources (NVD/Red Hat...
swift-nio-http2 affected by HTTP/2 MadeYouReset vulnerability
The HTTP/2 MadeYouReset vulnerability has a mild effect on swift-nio-http2. swift-nio-http2 mostly protects against MadeYouReset by using a number of existing denial-of-service prevention patterns that we added in response to the RapidReset vulnerabilities. The result is that servers are not...
AMI APTIOV security vulnerability
AMI AptioV is a firmware-related editor from the American company AMI. A security vulnerability exists in AMI APTIOV that stems from a race condition that could lead to resource exhaustion...
kitten security vulnerability
kitten is a lightweight kernel open-sourced by HobbesOSR. A security vulnerability exists in kitten, which stems from resource consumption due to incorrect operation of the function setpteat in file /include/arch-arm64/pgtable.h...
CVE-2021-21294
Http4s http4s-blaze-server is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its...
CVE-2025-0704
A vulnerability, which was classified as problematic, was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Affected is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument w/h leads to resource...
Tomcat: WebSocket DoS with incomplete closing handshake
A denial of service (DoS) vulnerability present in the Apache Tomcat package arises from an incomplete cleanup process. Specifically, WebSocket clients can perpetuate WebSocket connections without proper termination, thereby causing a sustained drain on system resources. This vulnerability...