612025 matches found
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...
EUVD-2026-45004
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IMAP user could probe for the existence of arbitrary mailboxes on other users' accounts via the XAPPLEPUSHSERVICE command and then create...
CVE-2026-15352
A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...
CVE-2026-15352
CVE-2026-15352 affects NASA’s Core Flight System (cFS) Health & Safety (HS) application. The vulnerability allows a segmentation fault when handling a routine Housekeeping Telemetry request, resulting in a denial-of-service condition. Documents confirm the HS component and cFS are impacted; the i...
CVE-2026-15352
A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...
EUVD-2026-45022
A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...
CVE-2026-44981
CrowdSec LAPI is affected. The LAPI router uses gin-contrib/gzip with DefaultDecompressHandle globally in pkg/apiserver/controllers/controller.go, causing unauthenticated gzip payloads to be decompressed on /v1/watchers and /v1/watchers/login without a maximum decompressed size, which can trigger...
CVE-2026-62299
CoreDNS (rewrite plugin, edns0.go) prior to version 1.14.5 could panic when a downstream plugin returns a response with no OPT record. The code path in edns0.go dereferenced a DNS OPT without a nil check, triggered by a query matching a rewrite edns0 rule (local/nsid/subnet with set/append/replac...
CVE-2026-62309
CoreDNS (Go) vulnerability CVE-2026-62309 affects the proxyproto plugin. A crafted PROXY v2 header with a non-UDP transport (family 0x11) can cause a crash via PacketConn.ReadFrom, where a nil readFrom result is reinterpreted after a failed parse and addr.String() is logged before crash recovery....
CVE-2026-62994
CoreDNS vulnerability CVE-2026-62994 affects the Go-based DNS server in versions 1.9.4 through 1.14.5. When a network DNS client uses AXFR for a CoreDNS zone and CoreDNS is configured with the k8s_external headless-service zone transfers feature, and Kubernetes contains a headless service endpoin...
CVE-2026-62963
CVE-2026-62963 affects Centrifugo prior to 6.8.4. The unidirectional WebSocket transport with uni_websocket.compression enabled did not cap output after decompression in ReadMessage (internal/websocket/conn.go advanceFrame), allowing unauthenticated requests to /connection/uni_websocket to trigge...
CVE-2026-46378
Dasel (github.com/tomwright/dasel) is affected by CVE-2026-46378 due to a non-terminating loop in the selector lexer when tokenizing an unterminated regex literal (r/). The bug resides in matchRegexPattern inside selector/lexer/tokenize.go, where the loop continues indefinitely if the closing sla...
CVE-2026-59197
A flaw was found in Pillow prior to 12.3.0. The public RankFilter API can trigger a native heap out-of-bounds write when given a very large odd filter size. ImageFilter.RankFilter.filter calls image.expandsize // 2, size // 2 before rank-filter size validation, and ImagingExpand computes output...
CVE-2026-46621
Yamcs is a mission control framework. Prior to 5.12.7, the Yamcs script evaluation engine for Python algorithms dynamically compiled and evaluated user-controlled algorithm text using Jython through the JSR-223 ScriptEngine API without enforcing a secure sandbox, so an authenticated user with the...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by uncontrolled resource consumption and denial of service. Vulnerability Details CVEID:CVE-2026-50645 DESCRIPTION: There is no restriction on the amount of attachment headers that a message can contain...
github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability
A flaw was found in github.com/jackc/pgx, a PostgreSQL driver for Go. This memory-safety vulnerability could allow an attacker to cause various impacts, such as denial of service DoS or potentially arbitrary code execution, by exploiting memory corruption issues. The exact method of exploitation...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses
A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...
Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code
A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Servi...
github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint
A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...