28 matches found

Snyk
added 2026/04/15 12:34 p.m. | 3 views

Authorization Bypass Through User-Controlled Key

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the ResourceService in the resource management API. An...

CVSS 7.6 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 2
SUSE CVE
added 2025/11/09 12:23 a.m. | 4 views

SUSE CVE-2025-59836

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service that allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

CVSS 7.5 | AI score 6.7 | EPSS 0.00565
Exploits: 1 | References: 2
RedhatCVE
added 2025/10/14 9:49 p.m. | 4 views

CVE-2025-59836

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service that allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

CVSS 5.3 | AI score 6.7 | EPSS 0.00565
Exploits: 1 | References: 1
NVD
added 2025/10/13 9:15 p.m. | 4 views

CVE-2025-59836

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service that allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

CVSS 7.5 | EPSS 0.00565
Exploits: 1 | References: 3
Vulnrichment
added 2025/10/13 8:43 p.m. | 1 view

CVE-2025-59836 Omni is Vulnerable to DoS via Empty Create/Update Resource Requests

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service that allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

CVSS 5.3 | AI score 6.3 | EPSS 0.00565
Exploits: 1 | References: 3
Cvelist
added 2025/10/13 8:43 p.m. | 4 views

CVE-2025-59836 Omni is Vulnerable to DoS via Empty Create/Update Resource Requests

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service that allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

CVSS 5.3 | EPSS 0.00565
Exploits: 1 | References: 3
CVE
added 2025/10/13 8:43 p.m. | 10 views

CVE-2025-59836

Summary (CVE-2025-59836): Omni (github.com/siderolabs/omni) is vulnerable to a Denial of Service via empty Create/Update Resource requests. The root cause is a nil pointer dereference in isSensitiveSpec, which calls CreateResource without verifying resource.Metadata is non-nil. If a resource with...

CVSS 7.5 | AI score 6.3 | EPSS 0.00565
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2025/10/13 8:43 p.m. | 2 views

CVE-2025-59836 Omni is Vulnerable to DoS via Empty Create/Update Resource Requests

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service that allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

CVSS 5.3 | AI score 6.5 | EPSS 0.00565
Exploits: 1 | References: 5
Positive Technologies
added 2025/10/13 12:0 a.m. | 3 views

PT-2025-41805

Name of the Vulnerable Software and Affected Versions: Omni versions prior to 1.1.5; Omni version 1.0.2. Description: Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. A nil pointer dereference in the Omni Resource Service allows unauthenticated users to cause a server panic and...

CVSS 7.5 | AI score 6.4 | EPSS 0.00565
Exploits: 1 | References: 14
RedhatCVE
added 2025/02/13 12:25 a.m. | 1 view

CVE-2024-55212

DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGoxBlog/ResourceService.aspx...

CVSS 6.5 | AI score 8.2 | EPSS 0.00237
Exploits: 0 | References: 1
Veracode
added 2023/04/06 7:39 a.m. | 146 views

Regular Expression Denial Of Service (ReDoS)

angular is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability exists due to inefficient regular expression complexity in the resource service which allows an attacker to crash the application by submitting maliciously crafted input...

CVSS 5.3 | AI score 7.1 | EPSS 0.00318
Exploits: 1 | References: 4 | Affected Software: 2
RedhatCVE
added 2023/03/30 1:1 p.m. | 42 views

CVE-2023-26117

A flaw was found in AngularJS, where it is vulnerable to a denial of service caused by a regular expression denial of service (ReDoS) issue in the $resource service. By providing specially-crafted regex input, a remote attacker could cause a denial of service...

CVSS 5.3 | AI score 7 | EPSS 0.00318
Exploits: 1 | References: 4
Github Security Blog
added 2023/03/30 6:30 a.m. | 70 views

angular vulnerable to regular expression denial of service via the $resource service

All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtrackin...

CVSS 5.3 | AI score 7.2 | EPSS 0.00318
Exploits: 1 | References: 10 | Affected Software: 1
OSV
added 2023/03/30 6:30 a.m. | 1 view

GHSA-2QQX-W9HR-Q5GX angular vulnerable to regular expression denial of service via the $resource service

All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtrackin...

CVSS 5.3 | AI score 6.8 | EPSS 0.00318
Exploits: 1 | References: 10
OSV
added 2023/03/30 5:15 a.m. | 2 views

DEBIAN-CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

CVSS 5.3 | AI score 6.3 | EPSS 0.00318
Exploits: 1 | References: 1
OSV
added 2023/03/30 5:15 a.m. | 28 views

CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

CVSS 5.3 | AI score 5.5
Exploits: 0 | References: 8
NVD
added 2023/03/30 5:15 a.m. | 18 views

CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

CVSS 5.3 | AI score 5.4 | EPSS 0.00318
Exploits: 1 | References: 8
UbuntuCve
added 2023/03/30 5:15 a.m. | 25 views

CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

CVSS 5.3 | AI score 6.8 | EPSS 0.00318
Exploits: 1 | References: 4
OSV
added 2023/03/30 5:15 a.m. | 1 view

UBUNTU-CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

CVSS 5.3 | AI score 6.7 | EPSS 0.00318
Exploits: 1 | References: 5
Cvelist
added 2023/03/30 5:0 a.m. | 23 views

CVE-2023-26117

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic...

CVSS 5.3 | AI score 5.4 | EPSS 0.00318
Exploits: 1 | References: 7