Lucene search
+L

8643 matches found

Cvelist
Cvelist
added 14 hours ago9 views

CVE-2026-62220 OpenClaw 2026.2.25 < 2026.5.26 WebSocket Rate Limit Bypass

OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller or configured input path to bypass non-browser rate limits on WebSocket authentication attempts. When the affected feature is enabled and reachable by lower-trust input, this can consume gateway resources and reduce service availabili...

6.3CVSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2025-71377

CVE-2025-71377 affects stoatchat (delta) versions before 20250210-1 (0.8.2). The issue is a logic error in the query messages route: when fetching messages labeled as 'nearby' another message, the code can pass a message limit of zero, which the database interprets as no limit. An unauthenticated...

8.7CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-23538

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS0.0074EPSS
Exploits0References4
CVE
CVE
added yesterday20 views

CVE-2026-23538

The CVE affects Feast: Feast Feature Server /ws/chat accepts unauthenticated, persistent WebSocket connections. An attacker can open many concurrent connections to exhaust memory, CPU, and file descriptors, causing DoS. Affected software: Feast (Python SDK context cited by SNYK for Feast &gt;=0.1...

7.5CVSS6.1AI score0.0074EPSS
Exploits0References4
EUVD
EUVD
added yesterday10 views

EUVD-2026-44838

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS6.1AI score0.0074EPSS
Exploits0References3
Cvelist
Cvelist
added yesterday26 views

CVE-2026-23538 Feast: resource exhaustion via websocket endpoint

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS0.0074EPSS
Exploits0References3
NVD
NVD
added 2 days ago8 views

CVE-2026-55399

CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS against the publisher...

5.1CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-55399

CVE-2026-55399 affects the Secure Access publisher prior to version 14.55. It is a resource-exhaustion vulnerability where attackers with valid credentials to the Secure Access tunnel can trigger a non-persistent DoS against the publisher. CVSS v4.0 base score is 5.1 (Medium), with network attack...

5.1CVSS6.1AI score0.00226EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-55399 Resource exhaustion vulnerability in the Secure Access publisher

CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS against the publisher...

5.1CVSS0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44805

CVE-2026-55399 is a resource exhaustion vulnerability in the Secure Access publisher prior to 14.55. Attackers with valid credentials to the Secure Access tunnel can create a non-persistent DoS against the publisher...

5.1CVSS6.1AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2 days ago8 views

CVE-2026-61866

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion...

7.5CVSS0.00187EPSS
Exploits0References2
NVD
NVD
added 2 days ago6 views

CVE-2026-61868

ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion denial of service...

6.3CVSS0.00222EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44617

ImageMagick before 7.1.2-26 and 6.9.x before 6.9.13-51 contains a memory leak in the YUV decoder that occurs when opening of the blob fails. Repeated triggering can lead to resource exhaustion denial of service...

6.3CVSS6.1AI score0.00222EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-61866 ImageMagick before 7.1.2-26 Memory Leak in JNG encoder

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion...

2.9CVSS0.00187EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44615

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the JNG encoder when a blob cannot be opened. Attackers can trigger the memory leak by providing malformed JNG files that fail blob operations, causing resource exhaustion...

2.9CVSS6.1AI score0.00187EPSS
Exploits0References2
CVE
CVE
added 2 days ago9 views

CVE-2026-61866

CVE-2026-61866 affects ImageMagick before 7.1.2-26. A memory leak occurs in the JNG encoder when a blob cannot be opened, and attackers can trigger it by providing malformed JNG files that fail blob operations, causing resource exhaustion. No remediation details are provided in the supplied docum...

7.5CVSS6.1AI score0.00187EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-60299

Name of the Vulnerable Software and Affected Versions Secure Access publisher versions prior to 14.55 Description A resource exhaustion issue exists in the Secure Access publisher. Attackers possessing valid credentials for the Secure Access tunnel can trigger a non-persistent Denial of Service...

5.1CVSS6.1AI score0.00226EPSS
Exploits0References5
NVD
NVD
added 3 days ago4 views

CVE-2026-46627

Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenti...

7.1CVSS0.00385EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

CVE-2026-46627 Twig: Sandbox resource exhaustion via unbounded `for` / `range()`

Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenti...

7.1CVSS6.1AI score0.00385EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-46627 Twig: Sandbox resource exhaustion via unbounded `for` / `range()`

Twig is a template language for PHP. Prior to 3.26.0, the Twig sandbox does not prevent a template from consuming CPU, memory, or wall-clock time, even under the strictest allow-list, allowing untrusted templates to cause resource exhaustion. This issue is addressed in version 3.26.0 by documenti...

7.1CVSS0.00385EPSS
Exploits0References3
Rows per page
Query Builder