Lucene search
+L

240 matches found

RedhatCVE
RedhatCVE
added 2026/02/24 5:17 a.m.7 views

CVE-2026-25796

A flaw was found in ImageMagick, an open-source software for image manipulation. This vulnerability is a memory leak that occurs when processing certain image objects. An attacker can exploit this flaw to repeatedly trigger the memory leak, which can lead to a Denial of Service DoS by consuming...

7.5CVSS5.5AI score0.00376EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/02/10 12:0 a.m.230 views

📄 crypto/x509 TLS Certificate Parsing

This Go program demonstrates a theoretical denial of service risk associated with handling unusually large X.509 certificates in TLS connections. It programmatically generates a self-signed certificate containing a very large number of Subject Alternative Names SANs and configures an HTTP client ...

7.5CVSS5.7AI score0.00459EPSS
Exploits2
OSV
OSV
added 2026/02/05 3:20 a.m.8 views

GO-2026-4417 ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling in k8s.io/ingress-nginx

ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

6.5CVSS5.4AI score0.0046EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/20 7:20 p.m.5 views

CVE-2025-69198

Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...

6.5CVSS5.6AI score0.00212EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/20 4:30 p.m.13 views

Pterodactyl improperly locks resources allowing raced queries to create more resources than alloted

Summary Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and validated during the request cycle. However, it is possib...

6.5CVSS5.6AI score0.00212EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/19 7:5 p.m.6 views

CVE-2025-69198

Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...

6.5CVSS5.4AI score0.00212EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.16 views

PT-2026-3485

Name of the Vulnerable Software and Affected Versions Pterodactyl versions prior to 1.12.0 Description Pterodactyl is a game server management panel that applies rate limits to resources like databases, port allocations, and backups on a per-server basis. In versions before 1.12.0, a malicious us...

6.5CVSS5.5AI score0.00212EPSS
Exploits0References9
Microsoft CVE
Microsoft CVE
added 2026/01/10 9:3 a.m.7 views

CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

...

8.7CVSS5.3AI score0.00412EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/01/08 8:12 p.m.12 views

CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

Multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is simila...

8.7CVSS7.1AI score0.00412EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/01/08 4:41 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...

8.7CVSS6.8AI score0.00412EPSS
Exploits0References2
OSV
OSV
added 2026/01/08 4:15 p.m.7 views

AZL-74025 CVE-2025-68151 affecting package coredns for versions less than 1.11.1-25

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

8.7CVSS5.8AI score0.00412EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/08 3:33 p.m.26 views

CVE-2025-68151 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

8.7CVSS0.00412EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/08 3:33 p.m.5 views

CVE-2025-68151 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

8.7CVSS6.8AI score0.00412EPSS
Exploits0References3
CVE
CVE
added 2026/01/08 3:33 p.m.127 views

CVE-2025-68151

Summary: CVE-2025-68151 affects CoreDNS before version 1.14.0 and related server types (gRPC, HTTPS, HTTP/3) that do not enforce connection/stream limits or message size constraints, enabling an unauthenticated attacker to exhaust memory and cause DoS by opening many connections/streams or sendin...

8.7CVSS6.8AI score0.00412EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/08 3:33 p.m.5 views

CVE-2025-68151 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

8.7CVSS7.1AI score0.00412EPSS
Exploits0References5
Snyk
Snyk
added 2025/11/10 10:43 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Brotli Decompression process. An attacker can cause the server to exhaust available memory by sending highly compressed Brotli streams,...

8.7CVSS6.8AI score0.00457EPSS
Exploits0References2
OSV
OSV
added 2025/10/28 2:43 p.m.6 views

GHSA-9PP9-CFWX-54RM ImageMagick has Integer Overflow in BMP Decoder (ReadBMP)

Summary CVE-2025-57803 claims to be patched in ImageMagick 7.1.2-2, but the fix is incomplete and ineffective. The latest version 7.1.2-5 remains vulnerable to the same integer overflow attack. The patch added BMPOverflowCheck but placed it after the overflow occurs, making it useless. A maliciou...

4.4CVSS7.9AI score0.00755EPSS
Exploits1References6
SUSE Linux
SUSE Linux
added 2025/10/21 3:7 p.m.5 views

Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.7. Fixes in 3.13.7: gh-137583: Fix a deadlock introduced in 3.13.6 when a call to ssl.SSLSocket.recv was blocked in one thread, and then another method on the object such as ssl.SSLSocket.send was subsequently called in...

7.1CVSS7.4AI score0.00611EPSS
Exploits0References8
OSV
OSV
added 2025/10/21 3:7 p.m.10 views

SUSE-SU-2025:3706-1 Security update for python313

This update for python313 fixes the following issues: Update to version 3.13.7. - Fixes in 3.13.7: gh-137583: Fix a deadlock introduced in 3.13.6 when a call to ssl.SSLSocket.recv was blocked in one thread, and then another method on the object such as ssl.SSLSocket.send was subsequently called i...

7.5CVSS5.8AI score0.00611EPSS
Exploits0References5
NVD
NVD
added 2025/10/17 5:15 p.m.13 views

CVE-2025-62171

ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerability occurs in coders/bmp.c when calculating...

7.5CVSS0.00755EPSS
Exploits1References3
Rows per page
Query Builder