Lucene search
K

478 matches found

RedHat Linux
RedHat Linux
added 2026/04/23 9:39 p.m.6 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS5.5AI score0.00349EPSS
Exploits0References8
CVE
CVE
added 2026/04/22 9:38 a.m.14 views

CVE-2026-33258

PowerDNS Recursor is affected by CVE-2026-33258. A flaw allows an attacker to publish and query a crafted zone, causing allocation of large entries in negative and aggressive NSEC3 caches. This can lead to resource usage and potential denial of service; CVSS indicates high impact on availability ...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 9:38 a.m.7 views

CVE-2026-33258 Crafted zones can cause increased resource usage

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

5.3CVSS5.8AI score0.00583EPSS
Exploits0References1
NVD
NVD
added 2026/04/20 7:16 p.m.7 views

CVE-2026-6060

A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS: 7.0.X 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.3.X...

4.5CVSS0.00191EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/20 1:27 p.m.4 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

8.9CVSS6.8AI score0.00633EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.13 views

FastChat 安全漏洞

FastChat is an open-source platform developed by LMSYS for training, deploying, and evaluating chatbots based on large language models. Versions of FastChat prior to 0.2.36 contain security vulnerabilities, which stem from incorrect operations on the apigenerate function within the Worker API...

6.9CVSS6AI score0.00623EPSS
Exploits0References1
Redos
Redos
added 2026/04/17 12:0 a.m.3 views

ROS-20260417-73-0018

A vulnerability in the Python library for handling PyPDF PDF files involves uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

8.7CVSS5.8AI score0.00348EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.2 views

SUSE SLES12 Security Update : python-urllib3 (SUSE-SU-2026:1412-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1412-1 advisory. Security issues: - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain bsc1254866. -...

8.9CVSS5.9AI score0.02667EPSS
Exploits0References11
SUSE Linux
SUSE Linux
added 2026/04/10 11:36 a.m.4 views

Security update for cockpit-podman

This update for cockpit-podman fixes the following issues: CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process bsc1257836. CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive...

8.7CVSS5.8AI score0.00519EPSS
Exploits1References8
OSV
OSV
added 2026/04/10 11:33 a.m.3 views

OPENSUSE-SU-2026:20502-1 Security update for cockpit-podman

This update for cockpit-podman fixes the following issues: - CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process bsc1257836. - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive...

9.2CVSS5.8AI score0.00519EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:41 a.m.18 views

Security Bulletin: High Resource Consumption Vulnerability in urllib3 Streaming API Due to Improper Handling of Highly Compressed Data (≤ v2.6.0) affects watsonx.data

Summary A vulnerability in the urllib3 Streaming API versions 1.0 through 2.6.0 allows highly compressed HTTP responses to be decompressed in a way that can consume excessive system resources. When processing compressed data e.g., gzip or brotli, the library may fully decompress a small input int...

8.9CVSS6.8AI score0.00633EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2026/04/06 10:54 p.m.4 views

Insufficient Control of Network Message Volume (Network Amplification)

Overview pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP Affected versions of this package are vulnerable to Insufficient Control of Network Message Volume Network Amplification in the handling of ActorEventPacket. An...

5.3CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/06 10:54 p.m.6 views

PocketMine-MP: Network amplification vulnerability with `ActorEventPacket`

Impact The server handles ActorEventPacket to trigger consuming animations from vanilla clients when they eat food or drink potions. This can be abused to make the server spam other clients, and to waste server CPU and memory. For every ActorEventPacket sent by the client, an animation event will...

5.9AI score
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/06 5:0 p.m.6 views

CVE-2026-34824

Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession o...

7.5CVSS5.8AI score0.00721EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/03 3:15 a.m.11 views

OpenClaw: Telegram audio preflight transcription enables resource consumption by unauthorized senders

Summary Telegram audio preflight transcription enables resource consumption by unauthorized senders Current Maintainer Triage - Status: narrow - Normalized severity: medium - Assessment: v2026.3.28 still lets unauthorized Telegram group senders trigger audio preflight before allowlist enforcement...

6.9CVSS5.8AI score0.00297EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/03/25 4:34 p.m.25 views

CVE-2025-13436 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs...

6.5CVSS0.00417EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/25 4:34 p.m.3 views

CVE-2025-13436 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when handling certain CI-related inputs...

6.5CVSS5.8AI score0.00417EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 4:34 p.m.17 views

CVE-2025-13436

GitLab CVE-2025-13436 affects GitLab CE/EE versions 13.7 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1. An authenticated user could trigger a Denial of Service via excessive resource consumption when processing certain CI-related inputs. The issue is mitigated by patch releases: 18....

6.5CVSS5.8AI score0.00417EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/24 10:16 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Allocation of Resources Without...

7.1CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/24 9:46 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the checkBytesLimits,...

7.5CVSS6.3AI score0.00532EPSS
Exploits0References2
Rows per page
Query Builder