47 matches found
GHSA-9Q9Q-324X-93R2 Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`
Summary: Bandit's HTTP/1 chunked-body reader silently drops the request size cap that the application configures (e.g. the 8 MB default of Plug.Parsers' length: option) and buffers the entire body in memory before the application sees it. An unauthenticated attacker can crash any Bandit-fronted Phoenix/Plug app...
CVE-2026-33781 Junos OS: EX Series, QFX Series: In a VXLAN scenario when specific control protocol packets are received, memory leaks and eventually no traffic is passed
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allows an unauthenticated, adjacent attacker to cause a complete Denial of Service (DoS). On EX4k, and QFX5k platforms configur...
CVE-2026-32319
CVE-2026-32319 affects Ella Core (5G private-net core). The issue arises when processing a malformed integrity-protected NGAP/NAS message shorter than 7 bytes, which can cause the Ella Core process to panic and crash, enabling unauthenticated DoS and service disruption for all connected subscribe...
CVE-2026-32319 Ella Core: Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload
Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a malformed integrity-protected NGAP/NAS message with a length under 7 bytes. An attacker able to send crafted NAS messages to Ella Core can crash the process, causing service disruption for all...
PT-2026-25088
Name of the Vulnerable Software and Affected Versions: Ella Core versions prior to 1.5.1. Description: Ella Core is a 5G core designed for private networks. The software experiences a panic, leading to a denial of service, when processing a PathSwitchRequest containing UE Security Capabilities with...
CVE-2025-7375
Omada EAP610 (v3) is affected by an unauthenticated DoS that can be triggered by crafting HTTP requests from an adjacent network, causing the device’s HTTP service to crash and resulting in temporary unavailability until reboot. Affected firmware versions are prior to 1.6.0. The CVSS 4.0 base met...
CVE-2026-1662
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by sending specially crafted requests to the Jira events endpoint...
BIT-GRAFANA-2026-21720 Unauthenticated DoS: avatar cache leaks goroutines when /avatar/:hash requests time out
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...
CVE-2026-1456
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processin...
CVE-2026-21720 Unauthenticated DoS: avatar cache leaks goroutines when /avatar/:hash requests time out
Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel...
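The two Grafana entries above (BIT-GRAFANA-2026-21720 and CVE-2026-21720) describe the same mechanism: a worker sends its result on an unbuffered channel, the handler stops receiving when its timeout fires, and the worker is stuck on that send forever. The following Go program is an added illustration of that pattern and of one standard fix; it is not Grafana's code, and the handler shape, the timings and the "avatar-bytes" result are constructed for the demo. Making the channel buffered with one slot lets the worker hand off its result and exit even when nobody is listening any more.

```go
package main

import (
	"fmt"
	"runtime"
	"time"
)

// fetcher is the shape of both handlers below: run work in a goroutine and
// give up after timeout. It returns the result and whether it arrived in time.
type fetcher func(work func() string, timeout time.Duration) (string, bool)

// fetchLeaky reproduces the pattern the advisory describes. The channel is
// unbuffered, so the worker can only complete its send while the handler is
// still receiving. Once the timeout branch wins, nobody ever receives, and
// the worker goroutine blocks on the send for the life of the process.
func fetchLeaky(work func() string, timeout time.Duration) (string, bool) {
	ch := make(chan string)
	go func() { ch <- work() }()
	select {
	case v := <-ch:
		return v, true
	case <-time.After(timeout):
		return "", false // ch is abandoned here; the sender never returns
	}
}

// fetchSafe is the same handler with a one-slot buffer. The worker's send
// always completes immediately, whether or not the handler is still waiting,
// so the goroutine exits and the abandoned result is garbage collected.
func fetchSafe(work func() string, timeout time.Duration) (string, bool) {
	ch := make(chan string, 1)
	go func() { ch <- work() }()
	select {
	case v := <-ch:
		return v, true
	case <-time.After(timeout):
		return "", false
	}
}

// leakedGoroutines issues n requests whose work (50 ms) outlives the handler
// timeout (5 ms), waits for that work to finish, and reports how many
// goroutines are still alive compared with the starting count.
func leakedGoroutines(f fetcher, n int) int {
	slow := func() string {
		time.Sleep(50 * time.Millisecond)
		return "avatar-bytes" // constructed stand-in for a Gravatar response
	}
	before := runtime.NumGoroutine()
	for i := 0; i < n; i++ {
		f(slow, 5*time.Millisecond)
	}
	time.Sleep(200 * time.Millisecond) // let every worker reach its send
	return runtime.NumGoroutine() - before
}

func main() {
	fmt.Println("leaky handler, goroutines left behind:", leakedGoroutines(fetchLeaky, 20))
	fmt.Println("safe handler, goroutines left behind: ", leakedGoroutines(fetchSafe, 20))
}
```

Each timed-out request to fetchLeaky leaves exactly one goroutine parked on the send, which is what an attacker repeats until memory or the scheduler gives out; fetchSafe leaves none. A select on the worker side between the send and a context's Done channel is the other common fix and works with unbuffered channels as well.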
CVE-2025-60003
A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives a BGP update with a set of specific optional transitive...
CVE-2025-55221
Affected product: Socomec DIRIS Digiware M-70 (version 1.6.9). Vulnerability: DoS in the Modbus TCP and Modbus RTU over TCP USB function; unauthenticated packets can cause the device to become unresponsive. TALOS describes exploitation via Modbus Write Single Register (code 6) to register 57872, where th...
CVE-2025-64509
Bugsink is affected by CVE-2025-64509. In versions prior to 2.0.6, sending a specially crafted Brotli‑compressed envelope can cause Bugsink to spend excessive CPU time during decompression, leading to a Denial of Service when the DSN is known (common in JavaScript/mobile app deployments). The iss...
CVE-2025-64508 Bugsink vulnerable to unauthenticated remote DoS via crafted Brotli input
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the...
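The Bandit entry (GHSA-9Q9Q-324X-93R2) and the two Bugsink entries (CVE-2025-64509, CVE-2025-64508) share a root cause: a size limit is applied to the wire bytes, or not at all, while the decoded output is buffered without bound. The Go program below is an added example, not code from Bandit or Bugsink, of the defensive shape: cap the decoded stream so that reading stops one byte past the limit, whether the producer is an HTTP/1.1 chunked decoder or a decompressor. The chunked body string is constructed for the demo, and gzip stands in for brotli because it is in the Go standard library; the limit values are arbitrary.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
	"net/http/httputil"
	"strings"
)

// ErrTooLarge is returned as soon as decoded output exceeds the cap. Because
// the cap is enforced on the decoded side, the server never buffers more
// than max+1 bytes regardless of how the input was encoded or compressed.
var ErrTooLarge = errors.New("decoded body exceeds configured limit")

// readBounded drains r but refuses to retain more than max bytes of output.
// Reading max+1 bytes is enough to know the limit was exceeded without
// consuming the rest of an attacker-controlled stream.
func readBounded(r io.Reader, max int64) ([]byte, error) {
	buf, err := io.ReadAll(io.LimitReader(r, max+1))
	if err != nil {
		return nil, err
	}
	if int64(len(buf)) > max {
		return nil, ErrTooLarge
	}
	return buf, nil
}

// readChunkedBounded decodes an HTTP/1.1 chunked body and enforces max on
// the decoded size, which is the check the Bandit advisory says its chunked
// reader dropped.
func readChunkedBounded(wire string, max int64) ([]byte, error) {
	return readBounded(httputil.NewChunkedReader(strings.NewReader(wire)), max)
}

// decompressBounded applies the same cap to decompressed output, so a
// "bomb" is cut off after max bytes instead of being fully expanded before
// any maximum is checked.
func decompressBounded(compressed []byte, max int64) ([]byte, error) {
	zr, err := gzip.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	return readBounded(zr, max)
}

// makeBomb builds a small gzip stream that expands to n zero bytes; it is a
// constructed stand-in for the brotli streams the Bugsink advisories describe.
func makeBomb(n int) []byte {
	var out bytes.Buffer
	zw, _ := gzip.NewWriterLevel(&out, gzip.BestCompression)
	zeros := make([]byte, 64*1024)
	for written := 0; written < n; written += len(zeros) {
		chunk := zeros
		if rem := n - written; rem < len(chunk) {
			chunk = chunk[:rem]
		}
		zw.Write(chunk)
	}
	zw.Close()
	return out.Bytes()
}

func main() {
	// constructed chunked body: two 5-byte chunks, 10 bytes decoded
	wire := "5\r\nhello\r\n5\r\nworld\r\n0\r\n\r\n"
	body, err := readChunkedBounded(wire, 8)
	fmt.Printf("chunked, cap 8:  %q err=%v\n", body, err)
	body, err = readChunkedBounded(wire, 16)
	fmt.Printf("chunked, cap 16: %q err=%v\n", body, err)

	bomb := makeBomb(8 << 20) // expands to 8 MiB
	_, err = decompressBounded(bomb, 1<<20)
	fmt.Printf("bomb of %d wire bytes, 1 MiB cap: err=%v\n", len(bomb), err)
}
```

The point of the helper is where the limit sits: wrapping the decoder rather than the socket means a 10 KB compressed or chunked request cannot turn into an 8 MB allocation before the application's configured maximum is consulted.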
Juniper Junos OS Vulnerability (JSA103165)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA103165 advisory. - An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an...
EUVD-2023-38439
Malicious code in bioql PyPI...
EUVD-2023-38438
Malicious code in bioql PyPI...
CVE-2025-59538 Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not set in the default configuration, the /api/webhook endpoi...
CVE-2025-59537 argo-cd is vulnerable to unauthenticated DoS attack via malformed Gogs webhook payload
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate client...
Vulnerabilities fixed in GitLab EE & CE
GitLab has fixed vulnerabilities in GitLab CE/EE, specifically for versions before 18.2.7, 18.3.3, and 18.4.1. The vulnerabilities include allowing authenticated users to access confidential information by creating projects with the same name as the victim, and gaining unauthorized access to...