
21 matches found

NVD
added 2026/05/27 2:16 a.m. | 10 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

CVSS 7.1 | EPSS 0.00322
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/27 12:0 a.m. | 10 views

PT-2026-43476

Name of the Vulnerable Software and Affected Versions OpenStack Swift versions 2.36.0 through 2.36.1 OpenStack Swift versions 2.37.0 through 2.37.1 Description The s3api middleware contains a flaw where the StreamingInput class enters an infinite loop when processing a truncated aws-chunked PUT...

CVSS 7.1 | AI score 5.9 | EPSS 0.00322
Exploits: 0 | References: 6

Snyk
added 2026/03/25 3:3 p.m. | 2 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the TLS module when a SNICallback throws synchronously on unexpected input the exception bypasses TLS error handlers and propagates as an uncaught exception. A remote attacker can crash or exhaust resources of a TL...

CVSS 8.2 | AI score 6 | EPSS 0.01056
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/06 12:0 a.m. | 10 views

PT-2026-23703

Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service...

CVSS 8.7 | AI score 5.8 | EPSS 0.00339
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/21 5:27 p.m. | 2 views

CVE-2021-47865 ProFTPD 1.3.7a - Remote Denial of Service

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...

CVSS 8.7 | AI score 5.5 | EPSS 0.00538
Exploits: 0 | References: 4

OSV
added 2025/10/31 8:15 p.m. | 3 views

CVE-2025-63561

Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Service DoS condition in the HTTP connection handling layer, where an attacker that opens and maintains many slow or partially-completed HTTP connections can exhaust the server’s...

CVSS 7.5 | AI score 5.8 | EPSS 0.00367
Exploits: 1 | References: 1

CVE
added 2025/07/10 7:46 p.m. | 27 views

CVE-2025-53629

CVE-2025-53629 affects cpp-httplib (C++11 single-file header-only HTTP/HTTPS library). Prior to version 0.23.0, handling of incoming requests with Transfer-Encoding: chunked could allocate memory arbitrarily on the server, risking memory exhaustion. The vulnerability is fixed in 0.23.0. Related C...

CVSS 7.5 | AI score 6.3 | EPSS 0.00505
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2025/03/20 10:11 a.m. | 18 views

CVE-2024-8053 Improper Authentication in open-webui/open-webui

In version v0.3.10 of open-webui/open-webui, the api/v1/utils/pdf endpoint lacks authentication mechanisms, allowing unauthenticated attackers to access the PDF generation service. This vulnerability can be exploited by sending a POST request with an excessively large payload, potentially leading...

CVSS 7.5 | EPSS 0.00597
Exploits: 1 | References: 1

Github Security Blog
added 2024/11/18 9:2 p.m. | 13 views

aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method

Summary A memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. Impact If the user is making use of any middlewares with aiohttp.web then it is...

CVSS 8.7 | AI score 6.7 | EPSS 0.00563
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2024/02/26 12:0 a.m. | 4 views

PT-2024-3054

Name of the Vulnerable Software and Affected Versions Jetty versions prior to 9.4.54 Jetty versions prior to 10.0.20 Jetty versions prior to 11.0.20 Jetty versions prior to 12.0.6 Description The issue is related to an HTTP/2 SSL connection that is established and TCP congested, which will be...

CVSS 7.8 | AI score 7.7 | EPSS 0.01433
Exploits: 0 | References: 40

NVD
added 2023/12/20 10:15 a.m. | 21 views

CVE-2023-6910

A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests...

CVSS 6.5 | EPSS 0.00916
Exploits: 0 | References: 3

Tenable Nessus
added 2023/08/02 12:0 a.m. | 12 views

Moxa MB3180 Denial of Service (CVE-2021-33824)

An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. This...

CVSS 7.5 | AI score 7.4 | EPSS 0.02227
Exploits: 1 | References: 4

OSV
added 2022/03/10 5:47 p.m. | 1 views

DEBIAN-CVE-2022-26662

An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...

CVSS 7.5 | AI score 7.3 | EPSS 0.01881
Exploits: 0 | References: 1

OSV
added 2021/12/07 10:1 p.m. | 17 views

GHSA-QXMR-QXH6-2CC9 ReDos vulnerability on guest checkout email validation

Impact Denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like a.a.. Before the patch, it can be reproduced in the console like this: ruby irbmain...

CVSS 7.5 | AI score 7.5 | EPSS 0.01403
Exploits: 1 | References: 6

Prion
added 2021/03/17 1:15 p.m. | 16 views

Code injection

Fluxbb 1.5.11 is affected by a denial of service DoS vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server...

CVSS 7.8 | AI score 7.5 | EPSS 0.0089
Exploits: 0 | References: 2 | Affected Software: 1

FreeBSD
added 2018/07/18 12:0 a.m. | 73 views

Apache httpd -- multiple vulnerabilities

The Apache project reports: DoS for HTTP/2 connections by crafted requests CVE-2018-1333. By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. low modmd, DoS via Coredumps on specially crafted...

CVSS 7.5 | AI score 1 | EPSS 0.51714
Exploits: 0 | References: 1

Hacker One
added 2018/02/02 6:57 p.m. | 50 views

LocalTapiola: Securemail server used to internal spam and resource exhaustion

Basic report information Summary: Confidential message systems fails to restrict large amount of receivers. This might lead to hardware exhausting and/or attacking localtapiola internal employees as securemail recipient. Description: Despite https://secure.lahitapiola.fi/ is designed to send...

AI score 6.7
Exploits: 0

Hacker One
added 2018/01/17 5:27 p.m. | 69 views

Internet Bug Bounty: Potential infinite loop in gdImageCreateFromGifCtx!

Description ----- It is easy to trigger in web application if the web use GD as its image library. For example, It can be triggered if a website resize the user-uploaded GIF, and ALL PHP version are affected! Original bug report ----- - https://bugs.php.net/bug.php?id=75571 Note ----- -...

CVSS 4.3 | AI score 6.5 | EPSS 0.13204
Exploits: 1

CNVD
added 2017/08/23 12:0 a.m. | 1 views

Denial of Service Vulnerability in Electricity Free Android App

Electricity Worry-free APP is a cross electrical equipment professional service platform. A denial of service vulnerability exists in the Electricity Worry Free Android APP. It allows an attacker to traverse a cell phone number and send unlimited CAPTCHAs to the cell phone, consuming server...

AI score 6.7
Exploits: 0 | References: 1

Packet Storm
added 2015/07/12 12:0 a.m. | 36 views

WordPress GD bbPress Attachments 2.1 Local File Inclusion

Details ================ Software: GD bbPress Attachments Version: 2.1 Homepage: http://wordpress.org/plugins/gd-bbpress-attachments/ Advisory report: https://security.dxw.com/advisories/local-file-include-vulnerability-in-gd-bbpress-attachments-allows-attackers-to-include-arbitrary-php-files/ CV...

AI score 7.4
Exploits: 0