Lucene search
K

17 matches found

CVE
CVE
added 2026/06/20 6:27 p.m.27 views

CVE-2026-56346

CVE-2026-56346 affects AVideo up to version 25.0, with an authentication bypass in the decryptMessage.json.php endpoint that lets unauthenticated users decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to trigger server-side decryption without credentials...

6.9CVSS5.9AI score0.00392EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/20 8:49 p.m.3 views

Inadequate Encryption Strength

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of weak cryptographic key generation in the createKeys function. An attacker can gain unauthorized access to protecte...

9.2CVSS5.8AI score0.00251EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2242

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01084EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2025/07/12 12:0 a.m.4 views

Azure Linux 3.0 Security Update: bind (CVE-2024-11187)

The version of bind installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-11187 advisory. - It is possible to construct a zone such that some queries to it will generate responses containing numerous...

7.5CVSS7AI score0.15344EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/06/23 1:0 p.m.1079 views

Exploit for Allocation of Resources Without Limits or Throttling in Openbsd Openssh

CVE-2025-26466 Metasploit module OpenSSH versions 9.5p1 to...

6.8CVSS7AI score0.38474EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2025/05/23 8:35 a.m.9 views

CVE-2024-0055

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis...

6.5CVSS6.8AI score0.00596EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:15 p.m.7 views

CVE-2020-16200

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources...

6.5CVSS6.5AI score0.00579EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/27 3:45 p.m.18 views

Security Bulletin: There is a vulnerability in Python wheel package for the Werkzeug library affecting watsonx Code Assistant On Prem Extensions

Summary There is a vulnerablity in the Python wheel package for the Werkzeug library affecting watsonx Code Assistant On Prem Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server...

7.5CVSS7.5AI score0.01102EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-12534

In version v0.3.32 of open-webui/open-webui, the application allows users to submit large payloads in the email and password fields during the sign-in process due to the lack of character length validation on these inputs. This vulnerability can lead to a Denial of Service DoS condition when a us...

7.5CVSS0.00811EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.11 views

Azure Linux 3.0 Security Update: containerized-data-importer / cri-o / ig / libcontainers-common / skopeo (CVE-2024-3727)

The version of containerized-data-importer / cri-o / ig / libcontainers-common / skopeo installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-3727 advisory. - A flaw was found in the...

8.3CVSS6.8AI score0.01279EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 3:17 p.m.30 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to resource exhaustion attack due to github.com/Cloudflare/cfssl ( CVE-2023-39533 )

Summary github.com/Cloudflare/cfssl is used by IBM Cloud Pak for Data. CVE-2023-39533. Vulnerability Details CVEID:CVE-2023-39533 DESCRIPTION: libp2p go-libp2p is vulnerable to a denial of service, caused by a flaw during the signature verification. By sending a specially crafted request using...

7.5CVSS7.3AI score0.01084EPSS
Exploits1Affected Software1
Cvelist
Cvelist
added 2024/03/19 6:39 a.m.31 views

CVE-2024-0055

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis...

6.5CVSS6.7AI score0.00596EPSS
Exploits0References1
NVD
NVD
added 2023/08/08 7:15 p.m.25 views

CVE-2023-39533

go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...

7.5CVSS7.4AI score0.01084EPSS
Exploits1References8
Cvelist
Cvelist
added 2023/08/08 6:50 p.m.24 views

CVE-2023-39533 libp2p nodes vulnerable to attack using large RSA keys

go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in th...

7.5CVSS7.5AI score0.01084EPSS
Exploits1References8
OSV
OSV
added 2023/02/22 12:3 a.m.23 views

GHSA-87X9-7GRX-M28V notation-go has excessive memory allocation on verification

Impact notation-go users will find their application using excessive memory when verifying signatures and the application will be finally killed, and thus availability is impacted. Patches The problem has been patched in the release v1.0.0-rc.3. Users should upgrade their notation-go packages to...

7.5CVSS7.3AI score0.0044EPSS
Exploits0References5
OSV
OSV
added 2022/12/07 11:23 p.m.20 views

GHSA-F44Q-634C-JVWV libp2p DoS vulnerability from lack of resource management

Impact Versions older than v0.38.0 of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed ...

7.5CVSS7.4AI score0.00689EPSS
Exploits0References3
Debian
Debian
added 2022/05/28 7:43 a.m.28 views

[SECURITY] [DLA 3031-1] modsecurity-apache security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3031-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 28, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...

7.5CVSS7.4AI score0.03206EPSS
Exploits2
Rows per page
Query Builder