19 matches found
UBUNTU-CVE-2026-33256
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
PT-2026-6341
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, the server does not enforce a maximum length for the names of lists or filters, or for filter keywords, allowing any user to set an arbitrarily long string as the name or...
Malicious code in tricks_unlimited_fa_ke_bit_coin_trans_action_generator_freee_unlimited_tw4t4 (npm)
MAL-2024-3167 Malicious code in tricks_unlimited_fa_ke_bit_coin_trans_action_generator_freee_unlimited_3pxis3 (npm)
MAL-2024-3165 Malicious code in tricks_unlimited_fa_ke_bit_coin_trans_action_generator_freee_unlimited_3pxicx2 (npm)
GO-2024-2695 Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server
Mattermost Server doesn't limit the number of user preferences in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
Design/Logic Flaw
Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0...
Teens Hacked Boston Subway’s CharlieCard to Get Infinite Free Rides—and This Time Nobody Got Sued
In 2008, Boston’s transit authority sued to stop MIT hackers from presenting at the Defcon hacker conference on how to get free subway rides. Today, four teens picked up where they left off...
GHSA-HPP2-2CR5-PF6G Denial of service due to unlimited number of parts
Impact: The multipart body parser accepts an unlimited number of file parts. The multipart body parser accepts an unlimited number of field parts. The multipart body parser accepts an unlimited number of empty parts as field parts. Patches: This is fixed in v7.4.1 for Fastify v4.x and v6.0.1 for...
CVE-2023-22740
Discourse: A DoS vulnerability due to Allocation of Resources Without Limits via chat drafts. Affected: Discourse versions prior to 3.1.0.beta1 (beta); root cause: unlimited-length chat drafts leading to server load.
Unlimited minting of fractional tokens by calling Pair.wrap() multiple times
Vulnerability details. Impact: User can mint an unlimited amount of fractional tokens and break the protocol by selling the tokens. Proof of Concept: NFTs can be traded for 1e18 fractional tokens by calling the function wrap. Wrap calls validateTokenIds(tokenIds, proofs) which in turn ru...
in firefly-iii/firefly-iii
Description: There is no rate limit, so unlimited email can be sent to a victim or any email address. Proof of Concept: There is no rate limit on return-password, allowing an attacker to send unlimited email to a victim or any email address. POST /password/email HTTP/2 Host: demo.firefly-iii.org Cookie:...
Pidrila - Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
PIDRILA: Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer is a really fast async web path scanner prototype developed by the BrightSearch team for all ethical netstalkers. Installation & Usage: git clone https://github.com/enemy-submarine/pidrila.git cd pidrila python3...
Luckycrush video chat full unlimited Exploit
LuckyCrush is a video chat site that randomly connects men with women and women with men. With this program you can bypass the LuckyCrush video chat minutes limitation. Proof video: https://0day.today/videos/34240.mp4 Usage Info: run application and enjoy free unlimited video chat: This is private...
FreeBSD : bitcoin -- Denial of Service and Possible Mining Inflation (40a844bf-c430-11e8-96dc-000743165db0)
Bitcoin Core reports: CVE-2018-17144, a fix for which was released on September 18th in Bitcoin Core versions 0.16.3 and 0.17.0rc4, includes both a Denial of Service component and a critical inflation vulnerability. It was originally reported to several developers working on Bitcoin Core, as wel...
kernel: unlimiting the stack disables ASLR
A weakness was found in the Linux ASLR implementation. Any user able to run 32-bit applications on an x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited...
CVE-2018-8739
VPN Unlimited for macOS 4.2.0 is affected by a root privilege escalation in its privileged helper tool. The tool exposes an XPC interface that allows arbitrary applications to execute system commands with root privileges, per the CVE description. Affected component: the privileged helper tool; vu...
Ajax Load More <= 2.11.1 - Local File Inclusion (LFI)
NOTE: The victim should have the paid add-on Custom Repeater or Unlimited installed...
CVE-2008-3157
Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions...