184 matches found
CVE-2026-4635
Mattermost (versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.10.0 Vulnerability Details CVEID:CVE-2026-33230 DESCRIPTION: NLTK Natural Language Toolkit is a suite of open source Python modules, data sets, and tutorials supporting research and development ...
netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood
A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...
RHCOS 4 : OpenShift Container Platform 4.5 (RHSA-2020:2413)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2413 advisory. - kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephF...
CVE-2026-39364 Vite has a `server.fs.deny` bypass with queries
Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny e.g., .env, .crt can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are...
CVE-2026-33483
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the aVideoEncoderChunk.json.php endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthenticated remote attacker can send arbitrary POST data...
CVE-2026-32770 Parse Server: LiveQuery subscription with invalid regular expression crashes server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.19 and 8.6.43, a remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the...
CVE-2026-30946
Parse Server is affected by a denial-of-service due to unbounded query complexity in REST and GraphQL APIs. Unauthenticated attackers can exhaust resources (CPU, memory, database connections) via crafted queries, affecting all deployments using REST/GraphQL prior to 9.5.2-alpha.2 and 8.6.15. The ...
MiracleLinux 7 : rh-ruby26-ruby-2.6.7-119.el7 (AXSA:2021-1768:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1768:01 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code CVE-2019-3881 ruby: NUL injection vulnerability o...
CVE-2005-1150
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service hang...
CVE-2022-31698
The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header...
CVE-2019-20858
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service CPU consumption via crafted characters in a SQL LIKE clause to an APIv4 endpoint...
CVE-2019-20888
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service memory consumption via an outgoing webhook or a slash command integration...
CVE-2024-39876
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device...
CVE-2019-12940
LiveZilla Server before 8.0.1.1 is vulnerable to Denial Of Service memory consumption in knowledgebase.php via a large integer value of the depth parameter...
CVE-2023-7332 PocketMine-MP < 4.18.1 Improper Validation of Dropped Item Count Allows Remote Server Crash
PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting...
EUVD-2021-15502
Malware in sbrugna...
EUVD-2021-20422
Malware in sbrugna...
EUVD-2013-2704
Malware in sbrugna...
EUVD-2005-1456
Malware in sbrugna...