240 matches found
CVE-2026-25796
A flaw was found in ImageMagick, an open-source software for image manipulation. This vulnerability is a memory leak that occurs when processing certain image objects. An attacker can exploit this flaw to repeatedly trigger the memory leak, which can lead to a Denial of Service DoS by consuming...
📄 crypto/x509 TLS Certificate Parsing
This Go program demonstrates a theoretical denial of service risk associated with handling unusually large X.509 certificates in TLS connections. It programmatically generates a self-signed certificate containing a very large number of Subject Alternative Names SANs and configures an HTTP client ...
GO-2026-4417 ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling in k8s.io/ingress-nginx
ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2025-69198
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...
Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted
Summary Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and validated during the request cycle. However, it is possib...
CVE-2025-69198
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...
PT-2026-3485
Name of the Vulnerable Software and Affected Versions Pterodactyl versions prior to 1.12.0 Description Pterodactyl is a game server management panel that applies rate limits to resources like databases, port allocations, and backups on a per-server basis. In versions before 1.12.0, a malicious us...
CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages
...
CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages
Multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is simila...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...
AZL-74025 CVE-2025-68151 affecting package coredns for versions less than 1.11.1-25
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...
CVE-2025-68151 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...
CVE-2025-68151 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...
CVE-2025-68151
Summary: CVE-2025-68151 affects CoreDNS before version 1.14.0 and related server types (gRPC, HTTPS, HTTP/3) that do not enforce connection/stream limits or message size constraints, enabling an unauthenticated attacker to exhaust memory and cause DoS by opening many connections/streams or sendin...
CVE-2025-68151 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...
Allocation of Resources Without Limits or Throttling
Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Brotli Decompression process. An attacker can cause the server to exhaust available memory by sending highly compressed Brotli streams,...
GHSA-9PP9-CFWX-54RM ImageMagick has Integer Overflow in BMP Decoder (ReadBMP)
Summary CVE-2025-57803 claims to be patched in ImageMagick 7.1.2-2, but the fix is incomplete and ineffective. The latest version 7.1.2-5 remains vulnerable to the same integer overflow attack. The patch added BMPOverflowCheck but placed it after the overflow occurs, making it useless. A maliciou...
Security update for python313
This update for python313 fixes the following issues: Update to version 3.13.7. Fixes in 3.13.7: gh-137583: Fix a deadlock introduced in 3.13.6 when a call to ssl.SSLSocket.recv was blocked in one thread, and then another method on the object such as ssl.SSLSocket.send was subsequently called in...
SUSE-SU-2025:3706-1 Security update for python313
This update for python313 fixes the following issues: Update to version 3.13.7. - Fixes in 3.13.7: gh-137583: Fix a deadlock introduced in 3.13.6 when a call to ssl.SSLSocket.recv was blocked in one thread, and then another method on the object such as ssl.SSLSocket.send was subsequently called i...
CVE-2025-62171
ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating...