454 matches found
PT-2026-30872
An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...
CVE-2026-0967
CVE-2026-0967 describes a denial-of-service in libssh where an attacker can craft hostnames via client config or known_hosts files that, when processed by match_pattern(), trigger inefficient regular expression backtracking. The result is timeouts and resource exhaustion on the client side. Publi...
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2026-1313)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : scsi: mpt3sas: Fix crash in transport port remove by using iocinfoCVE-2025-40115 scsi: target: Fix WRITESAME No Data Buffer crashCVE-2022-21546...
GHSA-PHC3-FGPG-7M6H Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS
Impact This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005644)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005644 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to...
TinyWeb 资源管理错误漏洞
TinyWeb is a simple and lightweight HTTP server developed by Konstantin Belyalov. Versions of TinyWeb prior to 2.02 contained a resource management vulnerability, which stemmed from the lack of enforced maximum concurrency limits or appropriate request timeouts, potentially leading to...
CVE-2026-27630 TinyWeb vulnerable to Remote Denial of Service via Thread/Connection Exhaustion (Slowloris)
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service DoS attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforcing a maximum concurrency limit or an appropriate...
CVE-2026-26047
Moodle TeX formula editor is affected by a DoS in the TeX rendering path using mimetex. The vulnerability stems from insufficient execution time limits, allowing an authenticated user to craft formulas that consume excessive server resources and potentially degrade performance or cause service in...
nodejs: Nodejs uninitialized memory exposure
A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the STARTTLS component. An attacker can cause resource exhaustion by sending a specially crafted request and stalling the connection, which bypasses configured read timeouts and...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the STARTTLS component. An attacker can cause resource exhaustion by sending a specially crafted request and stalling the connection, which bypasses configured read timeouts and...
CVE-2026-25870
DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
CVE-2026-25870 DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF
DoraCMS version 3.1 and prior contains a server-side request forgery SSRF vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The...
CVE-2026-25870
CVE-2026-25870 affects DoraCMS (
CLSA-2026-1769597819 Fix CVE(s): CVE-2025-58436
SECURITY UPDATE: cupsd DoS via slow client connections - debian/patches/CVE-2025-58436.patch: implement non-blocking I/O and connection timeouts to prevent slow clients from blocking cupsd. - CVE-2025-58436...
CVE-2026-21720
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...
CVE-2026-21720 Unauthenticated DoS: avatar cache leaks goroutines when /avatar/:hash requests time out
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...
CVE-2026-21720 Unauthenticated DoS: avatar cache leaks goroutines when /avatar/:hash requests time out
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...
CVE-2026-21720
CVE-2026-21720 affects Grafana’s /avatar/:hash handling: each uncached request spawns a goroutine to refresh Gravatar, and if the refresh sits in a 10-slot worker queue longer than three seconds the handler times out, causing the goroutine to block on an unbuffered channel. This can lead to linea...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: ipset: Fixed issues related to region locking in hash types. Region locking introduced in v5.6-rc4 included three macros for handling region locks: - ahashbucketstart: Takes back the start and end hash bucket values...