Lucene search
+L

25 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/22 9:4 p.m.7 views

CVE-2026-56311

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.getcurrentplanmaxorg RPC function that allows unauthenticated attackers to retrieve arbitrary organization plan limits. Attackers can call the RPC endpoint with any organization UUID using only the public Supabase...

6.9CVSS6AI score0.00265EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/18 1:5 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the factorial operator implementation. An attacker can cause excessive CPU consumption or application unresponsiveness by submitting specially crafted expressions with extremely...

5.9CVSS5.9AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/25 7:33 a.m.15 views

CVE-2026-40016

A flaw was found in Dovecot. A remote or local attacker could upload a malicious Sieve script through the ManageSieve service, or locally, to bypass configured CPU time limits for Sieve scripts. This allows the attacker to consume excessive server resources, leading to a degradation of server...

6.5CVSS5.8AI score0.00338EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Jinja2

This issue affects the Jinja2 package versions starting from 0.0.0 and earlier than 2.11.3. The ReDoS vulnerability is primarily caused by the punctuationre regex operator and its use of multiple wildcards. The last wildcard is the most exploitable, as it is used to search for trailing punctuatio...

5.3CVSS7.1AI score0.03546EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 a.m.17 views

SUSE CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

6.5CVSS5.7AI score0.00338EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/12 3:31 p.m.38 views

EUVD-2026-29470

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 2:17 p.m.13 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

6.5CVSS0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 1:28 p.m.10 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 1:28 p.m.24 views

CVE-2026-40016

CVE-2026-40016: An attacker can upload a malicious Sieve script via ManageSieve (or local access) to bypass CPU time limits, potentially increasing allowed run time up to 130× the configured limit and degrading server performance. Affected component is the Sieve execution/ManageSieve handling; ro...

6.5CVSS5.7AI score0.00338EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/05/12 1:28 p.m.35 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

5.3CVSS0.00338EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/12 1:28 p.m.29 views

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

6.5CVSS5.7AI score0.00338EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40027

Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can upload a malicious Sieve script via the 'ManageSieve' service or local access to bypass configured CPU time limits for Sieve by up to 130 times the limit. This can lead to degrade...

9.1CVSS5.7AI score0.00406EPSS
Exploits0References34
SUSE CVE
SUSE CVE
added 2026/03/07 12:25 a.m.7 views

SUSE CVE-2026-29049

melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout pkg/renovate/cache/cache.go. An attacker-controlled URI in a melange config can cau...

4.3CVSS7AI score0.00226EPSS
Exploits0References4
OSV
OSV
added 2026/03/02 8:50 a.m.6 views

BIT-MOODLE-2026-26047 Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade...

6.5CVSS6.1AI score0.00435EPSS
Exploits0References3
OSV
OSV
added 2026/02/21 6:30 a.m.6 views

GHSA-CG8J-5CR2-568Q Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits

A Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade...

6.5CVSS5.8AI score0.00435EPSS
Exploits0References6
NVD
NVD
added 2026/02/21 6:17 a.m.14 views

CVE-2026-26047

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade...

6.5CVSS0.00435EPSS
Exploits0References2
OSV
OSV
added 2026/02/21 5:40 a.m.6 views

CVE-2026-26047 Moodle: moodle: uncontrolled resource consumption in tex formula editor leading to denial of service

A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade...

6.5CVSS6.8AI score0.00435EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/21 12:0 a.m.10 views

PT-2026-21356

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A denial-of-service issue exists in Moodle’s TeX formula editor. Insufficient execution time limits when rendering TeX content using mimetex could allow specially crafted formulas to consume...

6.5CVSS6.1AI score0.00435EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.10 views

Moodle 安全漏洞

Moodle is an open-source e-learning software platform developed by Moodle, also known as a course management system, learning management system, or virtual learning environment. There are security vulnerabilities in Moodle; these vulnerabilities stem from insufficient time limits for the TeX...

6.5CVSS5.8AI score0.00435EPSS
Exploits0References2
Redos
Redos
added 2025/11/25 12:0 a.m.10 views

ROS-20251125-06

A vulnerability in the Moodle virtual learning environment is related to the disclosure of hidden group names to users, who have permission to create events in the calendar. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain unauthorized access to protected...

6.5CVSS6.9AI score0.00246EPSS
Exploits0
Rows per page
Query Builder