8495 matches found
EUVD-2026-42313
Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated...
CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...
EUVD-2026-25012
mv: symlinks expanded during cross-device move resource exhaustion / data duplication...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
CVE-2026-58226 Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax
Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...
CVE-2026-9165
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...
CVE-2026-24012 Apache IoTDB: Denial of Service via Resource Exhaustion in Aggregation Query
Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...
EUVD-2026-41856
Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...
CVE-2026-24012
CVE-2026-24012 – Apache IoTDB Denial of Service via Resource Exhaustion Description: An interface fails to cap the time span and aggregation interval of queries. An attacker can request an extremely large time range with a tiny interval, causing the DataNode to build an enormous result set in mem...
BIT-ELASTICSEARCH-2026-56148 Uncontrolled Recursion in Elasticsearch Leading to Denial of Service
Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...
PT-2026-55913
Name of the Vulnerable Software and Affected Versions Red Hat Advanced Cluster Security for Kubernetes affected versions not specified Description Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send...
PT-2026-55878
Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description An uncontrolled resource consumption issue exists where certain interfaces do not impose reasonable limits on the time span and aggregation interval of queries. An attacker can send a reque...
RLSA-2026:30845 Moderate: mod_md security update
This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: httpd:...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the CODEOWNERS pattern matching process. An attacker can cause excessive resource consumption by submitting specially crafted patterns, potentially leading to service unavailability. Remediation Upgrade...
CVE-2026-26307
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...
EUVD-2026-41631
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...
CVE-2026-26307
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...
CVE-2026-26307
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources. Affected: Gitea core before 1.25.5; component: git grep handling. Root cause: missing/absent timeout for git grep operations. Impact: potential resource exhaustion ...
CVE-2026-9563
A flaw was found in Eclipse Parsson. The JSON parser did not enforce a default maximum on the number of characters consumed while processing a single JSON document. A remote attacker could exploit this by providing a very large, specially crafted JSON document. This could force applications to...
CVE-2026-20216
A flaw was found in ClamAV's InstallShield file format parser. An unauthenticated, remote attacker could exploit this vulnerability by submitting a specially crafted InstallShield file for scanning. This improper handling of temporary resources during file scanning could lead to the termination o...