Lucene search
+L

454 matches found

Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.7 views

PT-2026-30872

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

5.9CVSS5.8AI score0.00212EPSS
Exploits0References5
CVE
CVE
added 2026/03/26 8:6 p.m.41 views

CVE-2026-0967

CVE-2026-0967 describes a denial-of-service in libssh where an attacker can craft hostnames via client config or known_hosts files that, when processed by match_pattern(), trigger inefficient regular expression backtracking. The result is timeouts and resource exhaustion on the client side. Publi...

5.5CVSS5.8AI score0.00223EPSS
Exploits0References5Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.6 views

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-1313)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : scsi: mpt3sas: Fix crash in transport port remove by using iocinfoCVE-2025-40115 scsi: target: Fix WRITESAME No Data Buffer crashCVE-2022-21546...

7.8CVSS6.6AI score0.00535EPSS
Exploits3References61
OSV
OSV
added 2026/03/13 8:37 p.m.5 views

GHSA-PHC3-FGPG-7M6H Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS

Impact This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An...

5.9CVSS5.7AI score0.00566EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005644)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005644 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to...

5.5CVSS5.8AI score0.00137EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.8 views

TinyWeb 资源管理错误漏洞

TinyWeb is a simple and lightweight HTTP server developed by Konstantin Belyalov. Versions of TinyWeb prior to 2.02 contained a resource management vulnerability, which stemmed from the lack of enforced maximum concurrency limits or appropriate request timeouts, potentially leading to...

8.7CVSS5.8AI score0.00436EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/25 11:5 p.m.35 views

CVE-2026-27630 TinyWeb vulnerable to Remote Denial of Service via Thread/Connection Exhaustion (Slowloris)

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service DoS attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforcing a maximum concurrency limit or an appropriate...

8.7CVSS0.00436EPSS
Exploits0References3
CVE
CVE
added 2026/02/21 5:40 a.m.31 views

CVE-2026-26047

Moodle TeX formula editor is affected by a DoS in the TeX rendering path using mimetex. The vulnerability stems from insufficient execution time limits, allowing an authenticated user to craft formulas that consume excessive server resources and potentially degrade performance or cause service in...

6.5CVSS5.8AI score0.00435EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/02/17 9:32 a.m.3 views

nodejs: Nodejs uninitialized memory exposure

A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...

7.1CVSS5.8AI score0.03493EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/12 8:1 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the STARTTLS component. An attacker can cause resource exhaustion by sending a specially crafted request and stalling the connection, which bypasses configured read timeouts and...

8.7CVSS5.6AI score0.00709EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/12 8:1 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the STARTTLS component. An attacker can cause resource exhaustion by sending a specially crafted request and stalling the connection, which bypasses configured read timeouts and...

8.7CVSS5.6AI score0.00709EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/12 1:4 a.m.10 views

CVE-2026-25870

DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...

6.9CVSS6AI score0.00298EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/10 10:16 p.m.4 views

CVE-2026-25870 DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF

DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...

6.9CVSS6AI score0.00298EPSS
Exploits0References3
CVE
CVE
added 2026/02/10 10:16 p.m.24 views

CVE-2026-25870

CVE-2026-25870 affects DoraCMS (

6.9CVSS6AI score0.00298EPSS
Exploits0References3
OSV
OSV
added 2026/01/28 10:57 a.m.9 views

CLSA-2026-1769597819 Fix CVE(s): CVE-2025-58436

SECURITY UPDATE: cupsd DoS via slow client connections - debian/patches/CVE-2025-58436.patch: implement non-blocking I/O and connection timeouts to prevent slow clients from blocking cupsd. - CVE-2025-58436...

5.5CVSS6AI score0.00195EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/01/27 9:7 a.m.5 views

CVE-2026-21720

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

7.5CVSS5.5AI score0.00618EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/27 9:7 a.m.35 views

CVE-2026-21720 Unauthenticated DoS: avatar cache leaks goroutines when /avatar/:hash requests time out

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

7.5CVSS0.00618EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/27 9:7 a.m.5 views

CVE-2026-21720 Unauthenticated DoS: avatar cache leaks goroutines when /avatar/:hash requests time out

Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...

7.5CVSS5.9AI score0.00618EPSS
Exploits0References1
CVE
CVE
added 2026/01/27 9:7 a.m.63 views

CVE-2026-21720

CVE-2026-21720 affects Grafana’s /avatar/:hash handling: each uncached request spawns a goroutine to refresh Gravatar, and if the refresh sits in a 10-slot worker queue longer than three seconds the handler times out, causing the goroutine to block on an unbuffered channel. This can lead to linea...

7.5CVSS5.9AI score0.00618EPSS
Exploits0References4Affected Software1
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: netfilter: ipset: Fixed issues related to region locking in hash types. Region locking introduced in v5.6-rc4 included three macros for handling region locks: - ahashbucketstart: Takes back the start and end hash bucket values...

5.5CVSS6.5AI score0.00127EPSS
Exploits0References3
Rows per page
Query Builder