8639 matches found
CVE-2025-71377
CVE-2025-71377 affects stoatchat (delta) versions before 20250210-1 (0.8.2). The issue is a logic error in the query messages route: when fetching messages labeled as 'nearby' another message, the code can pass a message limit of zero, which the database interprets as no limit. An unauthenticated...
CVE-2026-23538
A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...
CVE-2026-23538
The CVE affects Feast: Feast Feature Server /ws/chat accepts unauthenticated, persistent WebSocket connections. An attacker can open many concurrent connections to exhaust memory, CPU, and file descriptors, causing DoS. Affected software: Feast (Python SDK context cited by SNYK for Feast >=0.1...
EUVD-2026-44838
A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...
CVE-2026-23538 Feast: resource exhaustion via websocket endpoint
A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...
CVE-2026-55399
CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS against the publisher...
CVE-2026-55399
CVE-2026-55399 affects the Secure Access publisher prior to version 14.55. It is a resource-exhaustion vulnerability where attackers with valid credentials to the Secure Access tunnel can trigger a non-persistent DoS against the publisher. CVSS v4.0 base score is 5.1 (Medium), with network attack...
CVE-2026-55399 Resource exhaustion vulnerability in the Secure Access publisher
CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS against the publisher...
EUVD-2026-44805
CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS against the publisher...
CVE-2026-61868
ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion denial of service...
CVE-2026-61866
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion...
EUVD-2026-44617
ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion denial of service...
CVE-2026-61866 ImageMagick before 7.1.2-26 Memory Leak in JNG encoder
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion...
EUVD-2026-44615
ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion...
CVE-2026-61866
CVE-2026-61866 affects ImageMagick before 7.1.2-26. A memory leak occurs in the JNG encoder when a blob cannot be opened, and attackers can trigger it by providing malformed JNG files that fail blob operations, causing resource exhaustion. No remediation details are provided in the supplied docum...
PT-2026-60299
Name of the Vulnerable Software and Affected Versions Secure Access publisher versions prior to 14.55 Description A resource exhaustion issue exists in the Secure Access publisher. Attackers possessing valid credentials for the Secure Access tunnel can trigger a non-persistent Denial of Service...
CVE-2026-46627
Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenti...
CVE-2026-46627 Twig: Sandbox resource exhaustion via unbounded `for` / `range()`
Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenti...
CVE-2026-46627 Twig: Sandbox resource exhaustion via unbounded `for` / `range()`
Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenti...
CVE-2026-46627
CVE-2026-46627 concerns Twig, a PHP template engine. Before 3.26.0, Twig’s sandbox does not prevent a template from consuming CPU, memory, or wall-clock time even with an allow-list, allowing resource exhaustion via unbounded for/range usage. The issue is mitigated in version 3.26.0, which docume...