128 matches found

RedHat Linux
added 2026/05/19 1:54 p.m., 9 views

qs: qs: Denial of Service via improper input validation in array parsing

A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., a[]=value). This bypasses the arrayLimit option, which is designed to limit the size of...

6.3 CVSS, 6.8 AI score, 0.0004 EPSS
Exploits: 1, References: 6
SUSE CVE
added 2026/05/15 1:59 a.m., 5 views

SUSE CVE-2026-28379

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

6.5 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits: 0, References: 3
EUVD
added 2026/05/13 9:32 p.m., 3 views

EUVD-2026-30139

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

6.5 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits: 0, References: 2
UbuntuCve
added 2026/05/13 8:16 p.m., 5 views

CVE-2026-28379

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

6.5 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2026/05/13 7:28 p.m., 3 views

CVE-2026-28379

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

6.5 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits: 0, References: 2, Affected Software: 1
AlpineLinux
added 2026/05/13 7:28 p.m., 4 views

CVE-2026-28379

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

6.5 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/11 10:16 a.m., 4 views

CVE-2025-10470

The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that...

8.6 CVSS, 5.8 AI score, 0.00059 EPSS
Exploits: 0, References: 2, Affected Software: 2
CVE
added 2026/05/11 10:16 a.m., 8 views

CVE-2025-10470

CVE-2025-10470 affects WSO2 Identity Server's Magic Link authentication flow. The vulnerability arises because the flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, causing uncontrolled memory usage growth. This can lead to a denial-of-servi...

8.6 CVSS, 5.8 AI score, 0.00059 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/05/11 10:16 a.m., 33 views

CVE-2025-10470 Denial-of-Service via Magic Link Authentication in WSO2 Identity Server Allows Service Unavailability

The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that...

8.6 CVSS, 0.00059 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2026/03/12 3:27 p.m., 3 views

asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation

A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to perform a Denial of Service (DoS) attack over a network by allocating resources without limits or throttling. This can lead to the unavailability of the service for legitimate users...

7.5 CVSS, 5.7 AI score, 0.03634 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2026/03/12 9:34 a.m., 2 views

asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation

A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to perform a Denial of Service (DoS) attack over a network by allocating resources without limits or throttling. This can lead to the unavailability of the service for legitimate users...

7.5 CVSS, 5.7 AI score, 0.03634 EPSS
Exploits: 0, References: 5
CNVD
added 2026/03/12 12:0 a.m., 4 views

OpenClaw Denial of Service Vulnerability (CNVD-2026-13832)

OpenClaw is an open source framework for data acquisition. A denial of service vulnerability exists in OpenClaw. An attacker can exploit this vulnerability by triggering a memory exhaustion via an oversized response with no content-length, resulting in service unavailability...

8.7 CVSS, 5.8 AI score, 0.00179 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2026/02/12 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-25612

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may...

7.1 CVSS, 5.6 AI score, 0.00046 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/01/22 3:13 p.m., 4 views

CVE-2025-66959

A flaw was found in ollama. A remote attacker could exploit this vulnerability by sending specially crafted input to the GGUF decoder, leading to a Denial of Service (DoS). This issue can make the service unavailable to legitimate users. Mitigation: Mitigation for this issue is either not available ...

7.5 CVSS, 5.2 AI score, 0.00623 EPSS
Exploits: 1, References: 5
Cvelist
added 2026/01/13 9:10 p.m., 20 views

CVE-2026-0543 Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector...

6.5 CVSS, 0.00123 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/01/13 12:0 a.m., 3 views

Elastic Kibana Email Connector Security Vulnerability

Elastic Kibana Email Connector is an email service connection component from Elastic Netherlands. A security vulnerability exists in the Elastic Kibana Email Connector that stems from improper input validation, which could lead to over-assignment via specially crafted email address parameters,...

6.5 CVSS, 5.8 AI score, 0.00123 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/12/10 12:0 a.m., 1 views

XWiki Platform Security Vulnerability

XWiki Platform is XWiki's open source suite of wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions 16.10.10 and earlier, 17.0.0-rc-1 through 17.4.3, and 17.5.0-rc-1 through 17.6.0, which stems from a missing request restriction th...

8.7 CVSS, 6.4 AI score, 0.00038 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2025/10/31 8:54 a.m., 2 views

CVE-2025-30188

Malicious or unintentional API requests can be used to add a significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available...

7.5 CVSS, 6.3 AI score, 0.00061 EPSS
Exploits: 0, References: 1
CVE
added 2025/10/31 8:54 a.m., 1 views

CVE-2025-30188

The CVE-2025-30188 entry describes a vulnerability in Open-Xchange OX App Suite where malicious or unintentional API requests can push large amounts of data into caches. This cache growth can evict information required for the web frontend to operate, potentially causing component unavailability....

7.5 CVSS, 6.3 AI score, 0.00061 EPSS
Exploits: 0, References: 1
CNVD
added 2025/10/31 12:0 a.m., 4 views

Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 Denial of Service Vulnerabilities (CNVD-2025-29089)

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A denial of service vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which arises from a malicious or...

10 CVSS, 6.8 AI score, 0.00031 EPSS
Exploits: 0, References: 1