Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting

Unlimited Elements For Elementor Free Widgets, Addons, Templates versions up to 1.5.93 contain a reflected cross-site scripting caused by improper neutralization of input during web page generation, letting attackers execute malicious scripts in the victim's browser, exploit requires attacker to...

SUSE CVE-2026-47244

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

EUVD-2026-37014

Improper Handling of Highly Compressed Data Data Amplification vulnerability in elixir-grpc grpc GRPC.Compressor.Gzip, GRPC.Message modules allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.e...

UBUNTU-CVE-2026-47244

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

File Browser has a DoS Vulnerability via Public Login API

Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...

GHSA-W5FM-68J4-FPC4 File Browser has a DoS Vulnerability via Public Login API

Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...

CVE-2026-47244

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

CVE-2026-47244 Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

CVE-2026-50645

There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by...

CVE-2026-50645 Apache CXF: No restriction on attachment headers per message

There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by...

Linux Distros Unpatched Vulnerability : CVE-2026-47244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...

Başarsoft Rotaban 代码问题漏洞

Başarsoft Rotaban is a service route optimization platform developed by the Turkish company Başarsoft. Versions of Başarsoft Rotaban prior to V2026.06.002 and V2026.06.003 contained code vulnerabilities. These vulnerabilities stemmed from the unlimited upload of dangerous type files, which could...

Limatek LimRAD NAC 代码问题漏洞

Limatek LimRAD NAC is a network access control system developed by the Turkish company Limatek. Versions of Limatek LimRAD NAC prior to 5.5.7.3.9 contained code vulnerabilities. These vulnerabilities stemmed from an unlimited upload of dangerous types of files, which could lead to remote code...

vLLM 资源管理错误漏洞

vLLM is an open-source inference and service engine designed for LLM models, featuring high throughput and efficient memory usage. Version vLLM 0.8.0 and later contain a resource management vulnerability. This vulnerability stems from the unlimited frame counting in the VideoMediaIO.loadbase64...

libp2p 输入验证错误漏洞

libp2p is a modular peer-to-peer network framework developed under the open-source license. Prior to version 16.2.6, libp2p had a vulnerability related to input validation errors. This vulnerability stemmed from unverified remote peers being able to send unlimited PUTVALUE messages, which could...

QNAP Systems File Station 6 安全漏洞

QNAP Systems File Station 6 is a file management software developed by QNAP Systems, a company based in Taiwan, China. There is a security vulnerability in QNAP Systems File Station 6, which stems from unlimited resource allocation or throttling. This vulnerability could allow remote attackers to...

CVE-2026-49955

Hermes WebUI vulnerable before version 0.51.270 to resource exhaustion via the passkey/options endpoint. Unauthenticated remote attackers can degrade availability by repeatedly posting to the authentication endpoint, causing unbounded growth of the challenge store and high CPU/disk I/O due to rep...

bookcars 安全漏洞

Bookcars is a car rental management platform developed by Akram El Assas. Version 8.3 of Bookcars contains a security vulnerability. This vulnerability stems from the/api/create-user component, which has an unlimited file renaming vulnerability. This could allow authenticated attackers to use...

dcat-admin 访问控制错误漏洞

dcat-admin is a backend system building tool based on Laravel, developed by Jiang Qinghua. Versions of Dcat-Admin 2.2.3-beta and earlier contain an access control vulnerability. This vulnerability stems from the editorMDUpload function in /admin/dcat-api/editor-md/upload, which allows unlimited...

AMD uProf 安全漏洞

AMD uProf is a cross-platform performance analysis tool developed by AMD, Inc. for AMD processor architecture. AMD uProf has a security vulnerability; this vulnerability stems from unlimited resource allocation, which may lead to excessive consumption of system resources and resulting in usabilit...