SUSE CVE-2026-42342

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

PT-2026-45835

Name of the Vulnerable Software and Affected Versions react-router versions 7.0.0 through 7.14.x @remix-run/server-runtime versions 2.10.0 through 2.17.4 Description Certain crafted requests can cause unbounded path expansion in the " manifest" endpoint, leading to disproportionate server resourc...

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000160874)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160874 advisory. When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP...

PT-2026-37660

Name of the Vulnerable Software and Affected Versions react-server-dom-webpack versions 19.0.0 through 19.0.5 react-server-dom-webpack versions 19.1.0 through 19.1.6 react-server-dom-webpack versions 19.2.0 through 19.2.5 react-server-dom-parcel versions 19.0.0 through 19.0.5...

Astra Linux - уязвимость в php7.3

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3, an excessive number of parts in HTTP form uploads can lead to high resource consumption and an excessive number of log entries. This can cause a denial of service on the affected server by exhausting CPU resources or disk...

Astra Linux - уязвимость в libsoup2.4

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

PT-2026-36906

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description The MCP OAuth client registration endpoint accepts unauthenticated requests and stores client data without adequate resource controls. A remot...

PocketMine-MP: Network amplification vulnerability with `ActorEventPacket`

Impact The server handles ActorEventPacket to trigger consuming animations from vanilla clients when they eat food or drink potions. This can be abused to make the server spam other clients, and to waste server CPU and memory. For every ActorEventPacket sent by the client, an animation event will...

EUVD-2025-209059

HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service...

PT-2026-28293

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The software is susceptible to a spamming issue that could allow an attacker to exhaust server resources, potentially leading to a Denial of Service. Excessive spamming can consum...

GHSA-5X2W-37XF-7962 AVideo has Unauthenticated PGP Message Decryption via Public Endpoint

Summary The AVideo platform exposes a publicly accessible endpoint that performs server-side PGP decryption without requiring any form of authentication. Any anonymous user can submit a private key, ciphertext, and passphrase to the endpoint and receive the decrypted plaintext in the JSON respons...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...

EUVD-2018-21624

AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability...

CVE-2026-26047

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade...

A New Denial-of-Service Vector in React Server Components

React Server Components RSC have introduced a hybrid execution model that expands application capabilities while increasing the potential attack surface. Following earlier disclosures and fixes related to React DoS vulnerabilities, an additional analysis of RSC internals was conducted to assess...

CVE-2025-69198

Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...

CVE-2021-47713 Hasura GraphQL 1.3.3 Denial of Service via Malicious GraphQL Query

Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and multiple threads to consume server resource...

Ubuntu: Security Advisory (USN-7892-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-12182 Qi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize

The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the resizeimagecallback function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment...

Summer Pearl Group Vacation Rental Management Platform 安全漏洞

Summer Pearl Group Vacation Rental Management Platform is a vacation rental property management software platform from Summer Pearl Group, Greece. A security vulnerability exists in Summer Pearl Group Vacation Rental Management Platform versions prior to 1.0.2, which is caused by a Slowloris-styl...