64 matches found

SUSE CVE
added 2026/06/06 2:48 a.m. | 5 views

SUSE CVE-2026-36499

A missing upper-bound check in the udpif_set_threads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service (DoS) via resource exhaustion...

CVSS 6.5 | AI score 5.4 | EPSS 0.00044
Exploits 0 | References 3
NVD
added 2026/06/04 7:16 p.m. | 7 views

CVE-2026-36499

A missing upper-bound check in the udpif_set_threads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service (DoS) via resource exhaustion...

CVSS 6.5 | EPSS 0.00044
Exploits 0 | References 1
Positive Technologies
added 2026/06/04 12:0 a.m. | 9 views

PT-2026-46314

Name of the Vulnerable Software and Affected Versions: Open vSwitch version 3.6.90. Description: A missing upper-bound check in the udpif set threads function allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can lead to a denial of...

CVSS 6.5 | AI score 5.4 | EPSS 0.00044
Exploits 0 | References 5
CVE
added 2026/05/19 10:52 a.m. | 20 views

CVE-2026-7307

Keycloak contains a denial-of-service issue (CVE-2026-7307) where a remote, unauthenticated attacker can send a specially crafted XML input to the SAML endpoint. The crafted input triggers high CPU usage and worker-thread starvation, rendering the server unavailable. The description does not prov...

CVSS 7.5 | AI score 5.8 | EPSS 0.00059
Exploits 0 | References 6 | Affected Software 1
RedhatCVE
added 2026/04/06 5:0 p.m. | 4 views

CVE-2026-34824

Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession o...

CVSS 7.5 | AI score 5.8 | EPSS 0.00043
Exploits 1 | References 1
Snyk
added 2026/04/04 1:21 a.m. | 2 views

Out-of-bounds Read

Overview: mesop is a Build UIs in Python. Affected versions of this package are vulnerable to Out-of-bounds Read through the WebSocket handler. An attacker can exhaust system resources and cause service outages by sending a rapid succession of WebSocket messages, which forces the server to spawn an...

CVSS 8.7 | AI score 5.9 | EPSS 0.00043
Exploits 1 | References 2
RedHat Linux
added 2026/02/05 2:53 p.m. | 17 views

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.2 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

CVSS 8.7 | AI score 6.6 | EPSS 0.00099
Exploits 1 | References 37
RedHat Linux
added 2026/02/05 2:53 p.m. | 3 views

io.quarkus/quarkus-rest: Quarkus REST Worker Thread Exhaustion Vulnerability

A flaw was found in the Quarkus REST HTTP layer. This vulnerability allows remote attackers to cause an application level denial of service by repeatedly dropping client connections while response chunks are being transmitted, leading to worker thread exhaustion...

CVSS 7.5 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 4
RedHat Linux
added 2026/02/05 2:43 p.m. | 3 views

io.quarkus/quarkus-rest: Quarkus REST Worker Thread Exhaustion Vulnerability

A flaw was found in the Quarkus REST HTTP layer. This vulnerability allows remote attackers to cause an application level denial of service by repeatedly dropping client connections while response chunks are being transmitted, leading to worker thread exhaustion...

CVSS 7.5 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 4
SUSE CVE
added 2026/01/22 1:2 a.m. | 6 views

SUSE CVE-2021-47865

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...

CVSS 8.7 | AI score 5.5 | EPSS 0.00041
Exploits 0 | References 3
Snyk
added 2026/01/07 5:47 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the indefinite wait state in the HTTP response handling process. An attacker can cause worker threads to become permanently blocked by repeatedly closing HTTP connections while...

CVSS 8.2 | AI score 5.6 | EPSS 0.00012
Exploits 0 | References 2
CVE
added 2026/01/07 5:33 p.m. | 10 views

CVE-2025-66560

The CVE-2025-66560 entry describes a Quarkus REST HTTP-layer vulnerability where, during response writing, the framework waits for prior chunks to finish transmission. If the client closes the connection mid-wait, the worker thread is not released and becomes blocked, potentially exhausting worke...

CVSS 7.5 | AI score 6.5 | EPSS 0.00012
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2026/01/07 12:0 a.m. | 1 views

Quarkus security vulnerability

Quarkus is a cloud-native Linux container-first framework for writing Java applications open-sourced by Quarkus. A security vulnerability exists in Quarkus versions prior to 3.31.0, prior to 3.27.2, and prior to 3.20.5, which stems from improper handling of HTTP tier responses and could lead to...

CVSS 7.5 | AI score 6.4 | EPSS 0.00012
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-18340

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.6 | EPSS 0.00297
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-39688

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00377
Exploits 0 | References 1
CVE
added 2025/09/03 12:0 a.m. | 14 views

CVE-2025-52494

The CVE-2025-52494 entry describes a DoS flaw in Adacore Ada Web Server (AWS) prior to 25.2: during SSL/TLS handshake, there is no specific timeout and the server waits indefinitely for a malformed TLS ClientHello, tying up a worker thread and allowing exhaustion of threads up to the server’s lim...

CVSS 7.5 | AI score 6.3 | EPSS 0.00102
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2025/09/03 12:0 a.m. | 2 views

CVE-2025-52494

Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...

AI score 6.3 | EPSS 0.00102
Exploits 0 | References 2
RedhatCVE
added 2025/06/17 3:20 p.m. | 3 views

CVE-2025-22854

Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...

CVSS 6.9 | AI score 6.5 | EPSS 0.00297
Exploits 0 | References 1
NVD
added 2025/06/15 3:15 p.m. | 9 views

CVE-2025-22854

Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...

CVSS 6.9 | EPSS 0.00297
Exploits 0 | References 2
Cvelist
added 2025/06/15 3:0 p.m. | 17 views

CVE-2025-22854 Possible thread exhaustion from processing http responses in PingFederate Google Adapter

Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...

CVSS 6.9 | EPSS 0.00297
Exploits 0 | References 2