Rack is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of Range headers, allowing an attacker to craft headers in a way that results in an unexpectedly large response, which can result in Denial of Service...
5.8 CVSS
6.9 AI Score
0.0004 EPSS
org.elasticsearch:elasticsearch is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of deeply nested pipelines during document processing which can cause the Elasticsearch node to crash, resulting in Denial Of...
4.9 CVSS
6.7 AI Score
0.0004 EPSS
FreeRDP is vulnerable to Denial of Service (DoS). The vulnerability is due to allocating an size, which can cause the FreeRDP client to crash when connected to a malicious...
7.5 CVSS
7.4 AI Score
0.0004 EPSS
Deserialization Of Untrusted Data
mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by a lack of validation in the _load_from_pickle function in the mlflow/langchain/utils.py file, allowing an attacker to execute arbitrary code on the victim's system through a malicious Langchain AgentExecutor.....
8.8 CVSS
7.5 AI Score
0.0004 EPSS
org.apache.tomcat, tomcat-coyote is vulnerable to Denial of Service (DoS). The vulnerability is due to improper request handling when processing an HTTP/2 request that exceeds any of the configured limits for headers, leading to the associated HTTP/2 stream not being reset until after all of the...
6.6 AI Score
0.0004 EPSS
FreeRDP is vulnerable to an Out-of-Bounds Read. The vulnerability is due to the legacy GDI drawing path with the /bpp:32 setting in FreeRDP, which results in Out-of-Bounds...
8.1 CVSS
7 AI Score
0.0004 EPSS
Libvirt is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of negative array lengths during memory allocation. If an attacker can pass a negative length to the g_new0 function, this will usually result in a Denial of...
6.2 CVSS
6.6 AI Score
0.001 EPSS
libfreerdp.so is vulnerable to Out-of-bounds write. The vulnerability is due to improper validation of runLengthFactor which can lead to values that exceed the buffer limits, causing memory corruption. This could allow an attacker to potentially access sensitive information or cause a crash in the....
9.8 CVSS
6.8 AI Score
0.0004 EPSS
openssl is vulnerable to Denial Of Service (DOS). The vulnerability is caused by excessive time spent while checking invalid RSA public keys. This eventually results in Denial Of Service...
7 AI Score
0.0004 EPSS
Deserialization Of Untrusted Data
ydata-profiling is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to inadequate input validation in the loads function within serialize_report.py, resulting in arbitrary code execution when utilizing the load function directly or passing bytes from external sources into.....
7.8 CVSS
7.6 AI Score
0.0004 EPSS
qemu is vulnerable to a Denial of Service (DoS) attack. The vulnerability is due to an assertion failure in the update_sctp_checksum() function in hw/net/net_tx_pkt.c, which allows a malicious guest to trigger a denial of...
5.5 CVSS
6.9 AI Score
0.0004 EPSS
Deserialization Of Untrusted Data
typo3/phar-stream-wrapper is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to improper handling of user-supplied Phar archive data before deserialization, which allows attackers to manipulate the serialized data to execute arbitrary...
7.7 AI Score
apache2 is vulnerable to Denial of Service (DoS). This vulnerability allows an attacker to cause denial of service conditions on a vulnerable system by exploiting a race condition that occurs when an HTTP/2 connection is reset (RST frame) by a...
5.9 CVSS
6.6 AI Score
0.004 EPSS
libfreerdp.so is vulnerable to an out-of-bounds read. The vulnerability is due to inadequate bounds checking in the zgfx_decompress_segment function because the variable count is not checked against Stream_GetRemainingLength. This could allow an attacker to potentially access sensitive information....
9.8 CVSS
6.6 AI Score
0.0004 EPSS
MediaWiki is vulnerable to Denial Of Service (DoS). The vulnerability is due to a flaw in includes/specials/SpecialMovePage.php. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request.....
6.9 AI Score
0.0004 EPSS
Deserialization Of Untrusted Data
mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to inadequate input validation in the _load_custom_objects function within mlflow/tensorflow/__init__.py, which allows attackers to execute arbitrary code by injecting a malicious pickle object into the Tensorflow...
8.8 CVSS
7.5 AI Score
0.0004 EPSS
github.com/envoyproxy/envoy is vulnerable to Denial Of Service (DOS). The vulnerability is due to the async HTTP client buffering the mirror response with an unbounded buffer, which allows attackers to potentially cause an out-of-memory scenario by sending huge...
6.5 CVSS
5.5 AI Score
0.0004 EPSS
pimcore/pimcore is vulnerable to Denial Of Service. The vulnerability is due to the lack of restrictions on the scaling factors that can be applied to image thumbnails, potentially creating disproportionately large files or overwhelming server CPU...
7.5 CVSS
6.7 AI Score
0.001 EPSS
go.opentelemetry.io/collector/config/configgrpc is vulnerable to Denial Of Service (DoS). The vulnerability is due to compressed HTTP requests which can be maliciously designed to crash the system by consuming excessive memory. Attackers can exploit this by sending specially crafted "zip bomb"...
7 AI Score
libdjvulibre.so is vulnerable to Denial Of Service (DoS). The vulnerability exists in the IW44Image::Map::image function at IW44Image.cpp due to a divide by zero bug resulting in a floating point exception causing an application...
6.5 CVSS
6.7 AI Score
0.001 EPSS
libdjvulibre.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the lack of input validation in the IW44EncodeCodec.cpp when preparing the gray level conversion table, which allows an attacker to cause an application crash via divide by...
6.5 CVSS
6.7 AI Score
0.001 EPSS
NodeJS is vulnerable to Denial Of Service (DOS). The vulnerability is due to the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed.....
6.5 CVSS
6.9 AI Score
0.0004 EPSS
strukturag/libde265 is vulnerable to Denial of Service (DoS). The vulnerability is caused by a lack of proper bounds checking when calculating memory allocation sizes within image.cc. An attacker could manipulate the values to exceed the intended dimensions, leading to a buffer overflow and...
7.2 AI Score
0.0004 EPSS
gpac is vulnerable to Denial of Service (DoS) attacks. If keys or parameters are received from an unreliable source, applications employing DH_check(), DH_check_ex(), or EVP_PKEY_param_check() may face lengthy delays, resulting in denial of service...
5.3 CVSS
6.7 AI Score
0.002 EPSS
node-tar is vulnerable to Denial of service (DoS). The vulnerability is caused by a lack of validation on the number of folders created during the folder creation process. This allows an attacker to consume excessive CPU and memory resources, potentially causing the system to become unresponsive....
6.5 CVSS
6.7 AI Score
0.0004 EPSS
eventlet and dnspython are vulnerable to Denial Of Service (DoS). The vulnerability is due to a lack of enforcing the preferred behavior of waiting for a valid packet during DNS name resolution, allowing remote attackers to interfere with the resolution process by quickly sending an invalid packet....
6.4 AI Score
0.0004 EPSS
libfreerdp.so is vulnerable to Out-of-bounds Read. The vulnerability is due to improper handling of nWidth and nHeight when both are zero, allowing an attacker to potentially access or modify memory outside the intended buffer...
9.8 CVSS
9.6 AI Score
0.0004 EPSS
chromium is vulnerable to Out-of-bounds Write. The vulnerability is due to inadequate bounds checking within a sandbox environment via a carefully crafted HTML page, allowing a remote attacker to execute arbitrary...
6.7 AI Score
0.0004 EPSS
apache2 is vulnerable to Out-of-bounds Read. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Apache HTTP Server. The request would contain a specially crafted mod_macro directive that would cause the server to read data from outside of the...
7.5 CVSS
6.8 AI Score
0.01 EPSS
libfreerdp.so is vulnerable to an out-of-bounds read. The vulnerability is due to insufficient validation of the SrcSize before reading data from pSrcData, potentially allowing reading beyond the allocated memory when SrcSize is less than 4. This could allow an attacker to access sensitive...
9.8 CVSS
6.6 AI Score
0.0004 EPSS
Node.js is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of HTTP/2 CONTINUATION frames, where sending a small amount of HTTP/2 frames packets can cause data to be left in nghttp2 memory after a reset, leading to a race condition when the Http2Session...
8.2 CVSS
8.3 AI Score
0.0004 EPSS
node-tar is vulnerable to Denial of service (DoS). The vulnerability is caused by a lack of validation on the number of folders created during the folder creation process. This allows an attacker to consume excessive CPU and memory resources, potentially causing the system to become unresponsive.....
6.5 CVSS
7 AI Score
0.0004 EPSS
FreeRDP is vulnerable to Out-of-bounds Read. The vulnerability is caused by an incorrect calculation of the WCHAR string length during conversion to UTF-8 within redirection.c, resulting in out-of-bounds...
7.5 CVSS
7.4 AI Score
0.0004 EPSS
libfreerdp.so is vulnerable to an out-of-bounds read. This vulnerability is due to inadequate bounds checking in the planar_skip_plane_rle function, leading to potential out-of-bounds reads when processing RLE-encoded...
9.8 CVSS
7 AI Score
0.0004 EPSS
FreeRDP is vulnerable to Out-of-bounds Read. The vulnerability is caused by inadequate bounds checking when reading data from a buffer. This allows an attacker to access or manipulate data outside its intended range, potentially leading to unauthorized information...
9.8 CVSS
9.2 AI Score
0.0004 EPSS
Microsoft.NETCore.App.Runtime is vulnerable to Denial of Service. The vulnerability is due to reading a maliciously crafted X.509 certificate which may result in Denial of Service. This issue only affects Linux...
6.5 CVSS
6.7 AI Score
0.001 EPSS
pymongo is vulnerable to Out-of-bounds Read. The vulnerability is due to improper validation of encoded BSON data during the deserialization process, which allows an attacker to submit a crafted payload resulting in an out-of-bounds...
4.7 CVSS
6.7 AI Score
0.0004 EPSS
Deserialization Of Untrusted Data
mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by inadequate input validation in the _load_model function within mlflow/pytorch/__init__.py. This allows an attacker to execute arbitrary code on the victim's system by injecting a malicious pickle object...
8.8 CVSS
8.9 AI Score
0.0004 EPSS
org.iq80.snappy:snappy is vulnerable to Out-of-Bounds-Read. The vulnerability is due to the usage of the JDK class sun.misc.Unsafe to speed up memory access without performing additional bounds checks, which can result in non-deterministic behavior or a JVM...
5.3 CVSS
6.6 AI Score
0.0004 EPSS
libiniparser.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to improper checking in iniparser_getstring of iniparser.c, allowing an attacker to cause an application...
5.5 CVSS
6.7 AI Score
0.0004 EPSS
org.codehaus.janino:janino is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to the guessParameterNames method causing an uncaught stack overflow exception, which can be triggered by user input with deeply nested structures causing the application to...
5.5 CVSS
7.1 AI Score
0.0004 EPSS
mariadb is vulnerable to Denial of Service (DoS) attacks. The vulnerability occurs when MariaDB attempts to print a warning message for a query that fails. If the query contains a NULL value, MariaDB could dereference a NULL pointer and...
6.5 CVSS
6.8 AI Score
0.001 EPSS
typo3/cms is vulnerable to Denial of Service (DoS). The vulnerability is caused by allowing an excessively high maximum result limit in TYPO3's Indexed Search component. This flaw potentially enables attackers to execute a Denial of Service (DoS)...
7.2 AI Score
Drupal Brute force amplification attacks via XML-RPC
The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same...
7.5 CVSS
7.2 AI Score
0.003 EPSS
A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument...
6.1 CVSS
6 AI Score
0.001 EPSS
A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to.....
8.1 CVSS
8.3 AI Score
0.005 EPSS
libmodbus is vulnerable to Denial of Service (DoS). The vulnerability is due to an invalid pointer in the modbus_receive() function, triggered by a crafted message sent to the unit-test-server, which results in Denial of Service...
6.3 AI Score
EPSS
apache-any23-encoding is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the guessEncoding function of TikaEncodingDetector.java, which leads to excessive resource allocation, allowing an attacker to cause an application crash by providing a maliciously crafted...
6.5 CVSS
6.7 AI Score
0.001 EPSS
directus is vulnerable to Denial Of Service (DoS). The vulnerability is caused by providing a non-numeric length value to the random string generation utility, which prevents the generation of random session IDs, resulting in Denial Of Service...
7.5 CVSS
7.5 AI Score
0.0004 EPSS
typo3/cms-core is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of size limits on media files (*.youtube and *.vimeo) in the TYPO3 backend, which results in large files consuming excessive system...
7 AI Score