Lucene search
+L

321 matches found

Cvelist
Cvelist
added 2026/07/03 8:19 p.m.35 views

CVE-2026-26307 Gitea git grep search lacks a timeout

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...

0.00466EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.5 views

axios: Axios: Denial of Service due to unenforced request and response size limits

A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or...

7.5CVSS5.8AI score0.0063EPSS
Exploits1References5
NVD
NVD
added 2026/06/25 5:16 p.m.16 views

CVE-2026-54037

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and forkUserLimiter rate limiters to POST /api/convos/fork to prevent rapid-fire conversation duplication. However, the POST /api/convos/duplicate endpoint...

6.5CVSS0.00293EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 3:54 p.m.17 views

CVE-2026-54024

CVE-2026-54024 affects LibreChat. The POST /api/convos/import endpoint uses a separate multer instance that was not updated with the same file-size limits applied to other file uploads, enabling an authenticated user to upload arbitrarily large files. This is exacerbated by the application-level ...

6.5CVSS5.9AI score0.00761EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2026/06/11 5:16 p.m.6 views

UBUNTU-CVE-2026-44488

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS5.4AI score0.0063EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/11 3:37 p.m.21 views

CVE-2026-44488 Axios: Allocation of Resources Without Limits or Throttling in axios

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS5.5AI score0.0063EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/06/04 2:24 a.m.10 views

SUSE CVE-2026-42342

React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45835

Name of the Vulnerable Software and Affected Versions react-router versions 7.0.0 through 7.14.x @remix-run/server-runtime versions 2.10.0 through 2.17.4 Description Certain crafted requests can cause unbounded path expansion in the " manifest" endpoint, leading to disproportionate server resourc...

7.5CVSS5.8AI score0.00299EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.37 views

F5 Networks BIG-IP : BIG-IP Configuration utility vulnerability (K000160874)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160874 advisory. When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol LDAP...

8.7CVSS5.8AI score0.003EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in PHP 7.3

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3, an excessive number of parts in HTTP form uploads can lead to high resource consumption and an excessive number of log entries. This can cause a denial of service on the affected server by exhausting CPU resources or disk...

7.5CVSS6.7AI score0.01408EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.19 views

PT-2026-37660

Name of the Vulnerable Software and Affected Versions react-server-dom-webpack versions 19.0.0 through 19.0.5 react-server-dom-webpack versions 19.1.0 through 19.1.6 react-server-dom-webpack versions 19.2.0 through 19.2.5 react-server-dom-parcel versions 19.0.0 through 19.0.5...

7.8CVSS5.8AI score0.01533EPSS
Exploits1References31
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.22 views

PT-2026-36906

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description The MCP OAuth client registration endpoint accepts unauthenticated requests and stores client data without adequate resource controls. A remot...

8.7CVSS5.8AI score0.00487EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2026/04/06 10:54 p.m.7 views

PocketMine-MP: Network amplification vulnerability with `ActorEventPacket`

Impact The server handles ActorEventPacket to trigger consuming animations from vanilla clients when they eat food or drink potions. This can be abused to make the server spam other clients, and to waste server CPU and memory. For every ActorEventPacket sent by the client, an animation event will...

5.9AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/26 3:30 p.m.6 views

EUVD-2025-209059

HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.13 views

PT-2026-28293

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The software is susceptible to a spamming issue that could allow an attacker to exhaust server resources, potentially leading to a Denial of Service. Excessive spamming can consum...

5.3CVSS5.9AI score0.0027EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 12:46 p.m.5 views

GHSA-5X2W-37XF-7962 AVideo has Unauthenticated PGP Message Decryption via Public Endpoint

Summary The AVideo platform exposes a publicly accessible endpoint that performs server-side PGP decryption without requiring any form of authentication. Any anonymous user can submit a private key, ciphertext, and passphrase to the endpoint and receive the decrypted plaintext in the JSON respons...

6.9CVSS5.9AI score0.00392EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.11 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.3.0 and earlier 11.3.x series, 11.2.2 and earlier 11.2.x series, as well as 10.11.10 and earlier 10.11.x series, have security vulnerabilities. These vulnerabilities...

7.5CVSS6.4AI score0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/06 3:31 p.m.9 views

EUVD-2018-21624

AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability...

8.7CVSS5.8AI score0.00339EPSS
Exploits0References3
NVD
NVD
added 2026/02/21 6:17 a.m.13 views

CVE-2026-26047

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade...

6.5CVSS0.00435EPSS
Exploits0References2
Imperva Blog
Imperva Blog
added 2026/02/17 6:48 p.m.8 views

A New Denial-of-Service Vector in React Server Components

React Server Components RSC have introduced a hybrid execution model that expands application capabilities while increasing the potential attack surface. Following earlier disclosures and fixes related to React DoS vulnerabilities, an additional analysis of RSC internals was conducted to assess...

5.9AI score
Exploits0
Rows per page
Query Builder