Lucene search
+L

8679 matches found

Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-52746 JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...

7.5CVSS5.3AI score
Exploits0References6
Cvelist
Cvelist
added yesterday18 views

CVE-2026-52746 JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...

7.5CVSS
Exploits0References6
NVD
NVD
added yesterday7 views

CVE-2026-50273

Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES on extraction, allowing a remote...

7.5CVSS0.00106EPSS
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-45243

Datadog .NET Tracer is a client library for Datadog APM for .NET applications. Prior to 3.43.0, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES on extraction, allowing a remote...

7.5CVSS5.5AI score0.00106EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-50648

A flaw was found in .NET Framework. An unauthorized attacker can exploit this vulnerability remotely by causing the system to allocate resources without proper limits or throttling. This uncontrolled resource allocation can lead to a Denial of Service DoS, making the affected system unresponsive ...

7.5CVSS5.3AI score0.00617EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday18 views

CVE-2026-49209 Symfony UX: Denial of service in symfony/ux-live-component via unbounded batch action requests

Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry; because the array size is never bounded, ...

5.3CVSS
Exploits0References4
CVE
CVE
added yesterday10 views

CVE-2026-14741

CVE-2026-14741 affects the Perl module HTTP::Date (versions before 6.08). The vulnerability arises in parse_date() where a chain of alternative regexes with unbounded quantifiers, combined with a trailing \s*$, can trigger polynomial (≈quadratic) backtracking in the date parser invoked by str2tim...

5.3AI score
Exploits0References4
CVE
CVE
added yesterday10 views

CVE-2026-15007

The CVE describes a Denial of Service in GitHub Enterprise Server caused by parsing a repository release notes configuration file with deeply nested YAML, without a nesting depth limit. When release notes are generated, this can consume excessive resources and render the instance unresponsive. Af...

8.3CVSS5.4AI score
Exploits0References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-45188

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS5.4AI score
Exploits0References5
NVD
NVD
added yesterday6 views

CVE-2026-62210

OpenClaw versions before 2026.6.1 contain a denial of service vulnerability where remote media URLs can trigger slow-read attacks that exhaust gateway worker resources. Attackers with access to configured input paths can supply remote media URLs that consume gateway resources and reduce...

6.5CVSS0.00307EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday25 views

CVE-2026-62220 OpenClaw 2026.2.25 < 2026.5.26 WebSocket Rate Limit Bypass

OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller or configured input path to bypass non-browser rate limits on WebSocket authentication attempts. When the affected feature is enabled and reachable by lower-trust input, this can consume gateway resources and reduce service availabili...

6.3CVSS0.00312EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60781

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS5.3AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60837

IBM PowerVM Novalink are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources...

7.5CVSS5.4AI score
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2025-71377

CVE-2025-71377 affects stoatchat (delta) versions before 20250210-1 (0.8.2). The issue is a logic error in the query messages route: when fetching messages labeled as 'nearby' another message, the code can pass a message limit of zero, which the database interprets as no limit. An unauthenticated...

8.7CVSS6.1AI score0.00383EPSS
Exploits0References3
NVD
NVD
added 2 days ago9 views

CVE-2026-23538

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS0.00748EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago37 views

CVE-2026-23538 Feast: resource exhaustion via websocket endpoint

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS0.00748EPSS
Exploits0References3
CVE
CVE
added 2 days ago21 views

CVE-2026-23538

The CVE affects Feast: Feast Feature Server /ws/chat accepts unauthenticated, persistent WebSocket connections. An attacker can open many concurrent connections to exhaust memory, CPU, and file descriptors, causing DoS. Affected software: Feast (Python SDK context cited by SNYK for Feast &gt;=0.1...

7.5CVSS6.1AI score0.00748EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago12 views

EUVD-2026-44838

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS6.1AI score0.00748EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2 days ago6 views

Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS : .NET vulnerabilities (USN-8553-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8553-1 advisory. Artur Stetsko discovered that the .NET did not properly validate authentication data. An attacker could possibly use this issue t...

8.8CVSS6.2AI score0.01099EPSS
Exploits0References14
CERT
CERT
added 2 days ago4 views

Denial-of-service vulnerability in HTTP/2 servers via stalled flow-control conditions

Overview A denial-of-service DoS vulnerability exists in some HTTP/2 server implementations that fail to adequately limit resource consumption when buffering response data under stalled flow-control conditions. A remote, unauthenticated attacker can trigger memory exhaustion and service...

8.7CVSS5.8AI score0.00328EPSS
Exploits0References1
Rows per page
Query Builder