Total: 1730 CVEs
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36943 | 1 Asc | 1 Timetables | 2026-01-29 | 7.5 High |
| aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting subject title fields with excessive data. Attackers can generate a 10,000-character buffer and paste it into the subject title to trigger application instability and potential crash. | ||||
| CVE-2020-36950 | 1 Laravel | 1 Laravel Nova | 2026-01-29 | 6.5 Medium |
| Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server. | ||||
| CVE-2025-55102 | 1 Eclipse | 1 Threadx Netx Duo | 2026-01-29 | N/A |
| A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted "Packet Too Big" network packet with more than 15 different source addresses can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2025-58187 | 1 Golang | 2 Crypto, Go | 2026-01-29 | 7.5 High |
| Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains. | ||||
| CVE-2025-61723 | 1 Golang | 2 Encoding, Go | 2026-01-29 | 7.5 High |
| The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. | ||||
| CVE-2025-61724 | 1 Golang | 2 Go, Net | 2026-01-29 | 5.3 Medium |
| The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption. | ||||
| CVE-2025-59089 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 5 more | 2026-01-28 | 5.9 Medium |
| If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copies the entire buffered stream into a new buffer on each recv() call, even when the transfer is incomplete, causing excessive memory allocation and CPU usage. Additionally, kdcproxy accepts incoming response chunks as long as the received data length is not exactly equal to the length indicated in the response header, even when individual chunks or the total buffer exceed the maximum length of a Kerberos message. This allows an attacker to send unbounded data until the connection timeout is reached (approximately 12 seconds), exhausting server memory or CPU resources. Multiple concurrent requests can cause accept queue overflow, denying service to legitimate clients. | ||||
| CVE-2026-22773 | 2 Vllm, Vllm-project | 2 Vllm, Vllm | 2026-01-27 | 6.5 Medium |
| vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. This issue has been patched in version 0.12.0. | ||||
| CVE-2025-58578 | 1 Sick | 1 Enterprise Analytics | 2026-01-27 | 3.8 Low |
| A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation. | ||||
| CVE-2025-58582 | 1 Sick | 1 Enterprise Analytics | 2026-01-27 | 5.3 Medium |
| If a user tries to log in but the provided credentials are incorrect, a log is created. The data for this POST request is not validated and it’s possible to send giant payloads which are then logged. | ||||
| CVE-2025-14525 | 1 Redhat | 1 Container Native Virtualization | 2026-01-27 | 6.4 Medium |
| A flaw was found in kubevirt. A user within a virtual machine (VM), if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes to the Virtual Machine Instance (VMI). This allows the VM user to restrict the VM administrator's ability to manage the VM, leading to a denial of service for administrative operations. | ||||
| CVE-2026-1102 | 1 Gitlab | 1 Gitlab | 2026-01-26 | 5.3 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests. | ||||
| CVE-2025-13927 | 1 Gitlab | 1 Gitlab | 2026-01-26 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data. | ||||
| CVE-2024-47502 | 1 Juniper | 2 Junos Evolved, Junos Os Evolved | 2026-01-26 | 7.5 High |
| An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In specific cases the state of TCP sessions that are terminated is not cleared, which over time leads to an exhaustion of resources, preventing new connections to the control plane from being established. A continuously increasing number of connections shown by `user@host > show system connections` is indicative of the problem. To recover, the respective RE needs to be restarted manually. This issue only affects IPv4 but does not affect IPv6. This issue only affects TCP sessions established in-band (over an interface on an FPC) but not out-of-band (over the management ethernet port on the routing-engine). This issue affects Junos OS Evolved: all versions before 21.4R3-S9-EVO; 22.2 versions before 22.2R3-S4-EVO; 22.4 versions before 22.4R3-S3-EVO; 23.2 versions before 23.2R2-S1-EVO; 23.4 versions before 23.4R2-EVO. | ||||
| CVE-2021-47771 | 1 Cinspiration | 1 Rdp Manager | 2026-01-26 | 5.5 Medium |
| RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname and Server fields to permanently freeze and crash the software, potentially requiring full reinstallation. | ||||
| CVE-2025-11044 | 1 Br-automation | 1 Automation Runtime | 2026-01-26 | 6.8 Medium |
| An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenticated attacker on the network to win a race condition, resulting in permanent denial-of-service (DoS) conditions on affected devices. | ||||
| CVE-2021-47876 | 1 Geogebra | 1 Classic | 2026-01-26 | 7.5 High |
| GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:' input field to trigger an application crash. | ||||
| CVE-2021-47875 | 1 Geogebra | 1 Cas Calculator | 2026-01-26 | 9.8 Critical |
| GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload with 8000 repeated characters and paste it into the calculator's input field to trigger an application crash. | ||||
| CVE-2021-47877 | 1 Geogebra | 1 Graphing Calculator | 2026-01-26 | 7.5 High |
| GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application to become unresponsive. | ||||
| CVE-2021-47894 | 1 Northwest Performance Software | 1 Managed Switch Port Mapping Tool | 2026-01-26 | 7.5 High |
| Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. Attackers can generate a 10,000-character buffer and paste it into the IP Address and SNMP Community Name fields to trigger the application crash. | ||||