78 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-40016
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configure...
EUVD-2026-29470
Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...
CVE-2026-40016
Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...
CVE-2026-40016
Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...
CVE-2026-40016
Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...
PT-2026-40027
Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can upload a malicious Sieve script via the 'ManageSieve' service or local access to bypass configured CPU time limits for Sieve by up to 130 times the limit. This can lead to degrade...
CVE-2022-31110
RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417 passing some special values to the filter and filterout parameters can cause an abnormally high CPU. This results in an impact on the performance of the servers and RSSHub services which may lead to a denial...
CVE-2025-66838
In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...
GHSA-2CJV-6WG9-F4F3 Strapi Password Hashing is Missing Maximum Password Length Validation
Summary Strapi's password hashing implementation using bcryptjs lacks maximum password length validation. Since bcryptjs truncates passwords exceeding 72 bytes, this creates potential vulnerabilities such as authentication bypass and performance degradation. POC Create an admin user with a passwo...
EUVD-2020-29464
Malware in sbrugna...
EUVD-2025-4103
Malicious code in bioql PyPI...
EUVD-2025-23643
Malicious code in bioql PyPI...
EUVD-2021-9672
Malicious code in bioql PyPI...
EUVD-2023-24083
Malicious code in bioql PyPI...
mysql: PS unspecified vulnerability (CPU Apr 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
Linux Distros Unpatched Vulnerability : CVE-2025-21534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Performance Schema. Supported versions that are affected are 8.0.39 and prior, 8.4....
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...
GraphQL Alias Overloading Enabled
GraphQL is an open-source query and manipulation language for APIs. GraphQL alias overloading is a vulnerability where an attacker sends queries with numerous aliased fields to cause server performance degradation. The server must process each alias separately, which can lead to excessive CPU...
CVE-2024-45526
An issue was discovered in OPC Foundation OPCFoundation/UA-.NETStandard through 1.5.374.78. A remote attacker can send requests with invalid credentials and cause the server performance to degrade gradually...
[SECURITY] Fedora 42 Update: dnsdist-1.9.9-1.fc42
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...