
187 matches found

Tenable Nessus
added 2026/02/24 12:0 a.m. | 4 views

SonicWALL SonicOS Allocation of Resources Without Limits or Throttling (CVE-2022-22278)

A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack. This plugin only works with Tenable.ot. Please visit...

CVSS 7.5 | AI score 5.5 | EPSS 0.00857
Exploits: 0 | References: 2
RedhatCVE
added 2025/07/13 3:20 p.m. | 11 views

CVE-2025-52958

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition...

CVSS 6 | AI score 7.2 | EPSS 0.00211
Exploits: 0 | References: 1
Cvelist
added 2025/03/20 10:10 a.m. | 5 views

CVE-2024-10188 Denial of Service in BerriAI/litellm

A vulnerability in BerriAI/litellm, as of commit 26c03c9, allows unauthenticated users to cause a Denial of Service (DoS) by exploiting the use of ast.literal_eval to parse user input. This function is not safe and is prone to DoS attacks, which can crash the litellm Python server...

CVSS 7.5 | EPSS 0.00489
Exploits: 0 | References: 2
Cvelist
added 2024/11/29 6:36 p.m. | 36 views

CVE-2024-52810 Prototype Pollution in @intlify/shared >=9.7.0 <= 10.0.4

@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared 10.0.4 is vulnerable to Prototype Pollution through the entry functions lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the globa...

CVSS 6.9 | EPSS 0.00721
Exploits: 0 | References: 2
NVD
added 2024/11/21 6:15 p.m. | 8 views

CVE-2024-53432

While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::out_of_range exception in PCLPointCloud2::at. This issue could potentially be exploited to cause a denial-of-service (DoS) attack when processing untrusted PLY files...

CVSS 7.5 | EPSS 0.00684
Exploits: 0 | References: 1
Cvelist
added 2024/11/15 12:0 a.m. | 10 views

CVE-2024-24452

An invalid memory access when handling the ProtocolIEID field of E-RAB Release Indication messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload...

CVSS 5.9 | EPSS 0.00359
Exploits: 0 | References: 1
Vulnrichment
added 2024/10/29 12:48 p.m. | 12 views

CVE-2024-5823 File Overwrite Vulnerability in gaizhenbiao/chuanhuchatgpt

A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions = 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior...

CVSS 6.5 | AI score 7.3 | EPSS 0.00527
Exploits: 1 | References: 2
NVD
added 2024/10/25 9:15 p.m. | 14 views

CVE-2024-48227

Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS)...

CVSS 7.5 | EPSS 0.00531
Exploits: 1 | References: 1
OSV
added 2024/10/16 7:50 p.m. | 7 views

GHSA-7C4C-749J-PFP2 Admidio Vulnerable to HTML Injection In The Messages Section

Summary An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. PoC 1. Go to https://www.admidio.org/demoen/admprogram/modules/messages/messages.php 2. Click on Send Private Message 3. In the Message field, enter the following payload...

CVSS 3.5 | AI score 4.8 | EPSS 0.00469
Exploits: 0 | References: 4
OSV
added 2024/10/15 9:30 p.m. | 11 views

GHSA-XHR3-WF7J-H255 Infinite loop in github.com/gomarkdown/markdown

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...

CVSS 6.9 | AI score 4.9 | EPSS 0.00497
Exploits: 1 | References: 5
Cvelist
added 2024/09/25 4:29 p.m. | 21 views

CVE-2024-20434

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...

CVSS 4.3 | EPSS 0.00246
Exploits: 0 | References: 1
CVE
added 2024/09/18 12:0 a.m. | 51 views

CVE-2024-46585

CVE-2024-46585 affects Draytek Vigor 3910 (v4.3.2.6) with a buffer overflow in the sProfileName parameter on the usergrp.cgi endpoint, allowing a crafted input to trigger a Denial of Service. The issue is caused by a vulnerability in that parameter handling. There is no public patch/version fix d...

CVSS 7.5 | AI score 7.7 | EPSS 0.00432
Exploits: 0 | References: 1 | Affected Software: 1
F5 Networks
added 2024/09/05 8:51 p.m. | 31 views

K000140954: libarchive vulnerability CVE-2022-36227

Security Advisory Description In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third...

CVSS 9.8 | AI score 8 | EPSS 0.01936
Exploits: 0 | Affected Software: 14
Cvelist
added 2024/08/15 12:0 a.m. | 18 views

CVE-2024-42953

Tenda FH1201 v1.2.0.14 408 was discovered to contain a stack overflow via the PPW parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request...

EPSS 0.00558
Exploits: 1 | References: 1
CVE
added 2024/07/30 12:0 a.m. | 64 views

CVE-2024-38986

CVE-2024-38986 affects 75lb deep-merge 1.1.1. A prototype-pollution flaw in lodash merge methods could allow an attacker to alter Object.prototype and potentially execute arbitrary code or cause a Denial of Service (DoS). The connected documents consistently describe Prototype Pollution in 75lb de...

CVSS 9.8 | AI score 7.9 | EPSS 0.00985
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2024/07/11 4:22 p.m. | 12 views

CVE-2024-39545 Junos OS: SRX Series, MX Series with SPC3 and NFX350: When VPN tunnels parameters are not configured in specific way the iked process will crash

An Improper Check for Unusual or Exceptional Conditions vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on SRX Series, MX Series with SPC3 and NFX350 allows an unauthenticated, network-based attacker sending specific mismatching parameters as part of the IPsec...

CVSS 8.7 | EPSS 0.00491
Exploits: 0 | References: 1
NVD
added 2024/07/10 11:15 p.m. | 13 views

CVE-2024-39556

A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code executio...

CVSS 7.1 | EPSS 0.00093
Exploits: 0 | References: 1
NVD
added 2024/07/10 11:15 p.m. | 16 views

CVE-2024-39559

An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication...

CVSS 8.2 | EPSS 0.00398
Exploits: 0 | References: 1
Github Security Blog
added 2024/07/01 3:32 p.m. | 10 views

@aofl/cli-lib Prototype Pollution vulnerability

aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

CVSS 6.3 | AI score 8.4 | EPSS 0.00514
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2024/07/01 12:0 a.m. | 9 views

CVE-2024-39002

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

AI score 8.2 | EPSS 0.005
Exploits: 1 | References: 1