49 matches found
CVE-2026-36499
A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...
PT-2026-46314
Name of the Vulnerable Software and Affected Versions Open vSwitch version 3.6.90 Description A missing upper-bound check in the udpif set threads function allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can lead to a denial of...
CVE-2026-7307
Keycloak contains a denial-of-service issue (CVE-2026-7307) where a remote, unauthenticated attacker can send a specially crafted XML input to the SAML endpoint. The crafted input triggers high CPU usage and worker-thread starvation, rendering the server unavailable. The description does not prov...
CVE-2026-34824
Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession o...
SUSE CVE-2021-47865
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...
CVE-2025-66560
The CVE-2025-66560 entry describes a Quarkus REST HTTP-layer vulnerability where, during response writing, the framework waits for prior chunks to finish transmission. If the client closes the connection mid-wait, the worker thread is not released and becomes blocked, potentially exhausting worke...
Quarkus 安全漏洞
Quarkus is a cloud-native Linux container-first framework for writing Java applications open-sourced by Quarkus. A security vulnerability exists in Quarkus versions prior to 3.31.0, prior to 3.27.2, and prior to 3.20.5, which stems from improper handling of HTTP tier responses and could lead to...
EUVD-2025-18340
Malicious code in bioql PyPI...
CVE-2025-52494
The CVE-2025-52494 entry describes a DoS flaw in Adacore Ada Web Server (AWS) prior to 25.2: during SSL/TLS handshake, there is no specific timeout and the server waits indefinitely for a malformed TLS ClientHello, tying up a worker thread and allowing exhaustion of threads up to the server’s lim...
CVE-2025-22854
Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...
CVE-2025-22854
Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...
CVE-2025-22854 Possible thread exhaustion from processing http responses in PingFederate Google Adapter
Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...
CVE-2025-22854
CVE-2025-22854 affects the PingFederate Google Adapter. The vulnerability stems from improper handling of non-200 HTTP responses, which can lead to thread exhaustion under normal usage. Affected software/component: PingFederate Google Adapter (Ping Identity). Impact stated: potential denial of se...
CVE-2025-22854 Possible thread exhaustion from processing http responses in PingFederate Google Adapter
Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...
Ping Identity PingFederate 安全漏洞
Ping Identity PingFederate is a flagship software-based federation server from US-based Ping Identity, Inc. for identity management. A security vulnerability exists in Ping Identity PingFederate that stems from mishandling of non-200 HTTP responses, which could lead to thread exhaustion...
PT-2025-25499 · Ping Identity · Pingfederate Google Adapter
Name of the Vulnerable Software and Affected Versions: PingFederate Google Adapter affected versions not specified Description: The issue is related to the improper handling of non-200 HTTP responses in the PingFederate Google Adapter, which can lead to thread exhaustion under normal usage...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the /3/Parse endpoint. An attacker can exhaust all available threads, leading to a complete denial of service by sending multiple simultaneous requests. PoC python import threading impo...
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint
A vulnerability in the /3/Parse endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an...
Apache Tomcat 8.5.0 < 8.5.38
The version of Tomcat installed on the remote host is prior to 8.5.38. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.38security-8 advisory. - The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessi...
SUSE CVE-2014-0230
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service thread consumption via a series of aborted uploa...