Lucene search
K

574 matches found

MongoDB
MongoDB
added 2026/02/10 6:5 p.m.13 views

Internal ResourceId collision may affect unrelated collections

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks...

7.1CVSS5.5AI score0.00199EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/02/10 4:16 a.m.10 views

CVE-2026-23689

Due to an uncontrolled resource consumption Denial of Service vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control parameter. This triggers prolonged loop execution th...

7.7CVSS0.00354EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from issues wit...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References3
NVD
NVD
added 2026/02/09 11:16 p.m.9 views

CVE-2026-25957

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...

6.5CVSS0.00391EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/09 10:39 p.m.5 views

CVE-2026-25957

Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13 and 1.4.2...

6.5CVSS5.5AI score0.00391EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.9 views

PT-2026-7193

Name of the Vulnerable Software and Affected Versions Cube versions 1.1.17 through 1.5.12 and 1.4.1 Description Cube, a semantic layer for building data applications, is susceptible to a condition where a specially crafted request to a Cube API endpoint can render the entire Cube API unavailable...

6.5CVSS5.5AI score0.00391EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/01/22 3:13 p.m.7 views

CVE-2025-66959

A flaw was found in ollama. A remote attacker could exploit this vulnerability by sending specially crafted input to the GGUF decoder, leading to a Denial of Service DoS. This issue can make the service unavailable to legitimate users. Mitigation Mitigation for this issue is either not available ...

7.5CVSS5.2AI score0.04549EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/13 9:10 p.m.26 views

CVE-2026-0543 Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation

Improper Input Validation CWE-20 in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation CAPEC-130 through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector...

6.5CVSS0.0037EPSS
Exploits0References1
CVE
CVE
added 2026/01/13 9:3 p.m.20 views

CVE-2026-0530

CVE-2026-0530 describes an issue in Kibana Fleet where an allocation of resources without limits or throttling (CWE-770) can be triggered by a specially crafted request, causing excessive resource consumption and potential service degradation or unavailability (CAPEC-130). Affected versions span ...

6.5CVSS6.4AI score0.00273EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.4 views

Elastic Kibana Fleet 安全漏洞

Elastic Kibana Fleet is a component of Elastic Netherlands that centralizes the management and monitoring of Elastic Agent. A security vulnerability exists in Elastic Kibana Fleet that stems from an unlimited or infinite stream of resource allocations, which could lead to over-allocation via ad-h...

6.5CVSS5.8AI score0.00416EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

Elastic Kibana Email Connector 安全漏洞

Elastic Kibana Email Connector is an email service connection component from Elastic Netherlands. A security vulnerability exists in the Elastic Kibana Email Connector that stems from improper input validation, which could lead to over-assignment via specially crafted email address parameters,...

6.5CVSS5.8AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:12 p.m.14 views

CVE-2018-18878

In firmware version MS2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable...

7.8CVSS7.1AI score0.02889EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 10:1 p.m.5 views

CVE-2025-66473

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

8.7CVSS6.7AI score0.00339EPSS
Exploits0References1
NVD
NVD
added 2025/12/10 10:16 p.m.7 views

CVE-2025-66473

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

8.7CVSS0.00339EPSS
Exploits0References3
OSV
OSV
added 2025/12/10 9:51 p.m.6 views

CVE-2025-66473 XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

8.7CVSS6.6AI score0.00339EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/10 9:51 p.m.27 views

CVE-2025-66473 XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

8.7CVSS0.00339EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/10 9:51 p.m.5 views

EUVD-2025-202430

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

8.7CVSS6.2AI score0.00339EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/10 9:51 p.m.3 views

CVE-2025-66473 XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

8.7CVSS6.3AI score0.00339EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/10 2:32 a.m.8 views

CVE-2025-42873

SAPUI5 and OpenUI5 packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system...

5.9CVSS7AI score0.0032EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.7 views

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions 16.10.10 and earlier, 17.0.0-rc-1 through 17.4.3, and 17.5.0-rc-1 through 17.6.0, which stems from a missing request restriction th...

8.7CVSS6.4AI score0.00339EPSS
Exploits0References4
Rows per page
Query Builder