Filtered by CWE-400
Total 3815 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-42154 1 Prometheus 1 Prometheus 2026-05-04 7.5 High
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a small payload that causes a huge heap allocation per request. Under concurrent load this can exhaust available memory and crash the Prometheus process. This issue has been patched in versions 3.5.3 and 3.11.3.
CVE-2026-42467 1 Danielmartensson 1 Open-sae-j1939 2026-05-04 7.5 High
An issue was discovered in Open-SAE-J1939 through commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Binary_Data_Transfer_DM16, causing a denial of service via a crafted CAN frame on the J1939 bus.
CVE-2025-70071 1 Assimp 1 Assimp 2026-05-04 5.9 Medium
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the ParseVectorDataArray() function in FBXParser.cpp.
CVE-2026-40951 2 Absolute, Microsoft 2 Secure Access, Windows 2026-05-04 5.5 Medium
CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service.
CVE-2026-22740 1 Vmware 1 Spring Framework 2026-05-04 6.5 Medium
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may not be deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are also affected.
CVE-2026-22745 2 Microsoft, Vmware 2 Windows, Spring Framework 2026-05-04 5.3 Medium
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true:
* the application is using Spring MVC or Spring WebFlux
* the application is serving static resources from the file system
* the application is running on a Windows platform
When all the conditions above are met, the attacker can send malicious requests that are slow to resolve and that can keep HTTP connections in use. This can cause a Denial of Service on the application.
CVE-2026-42403 1 Apache 1 Neethi 2026-05-01 7.5 High
Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B which references Policy A), the policy normalization process can enter an infinite loop or cause excessive recursion, leading to a stack overflow or application hang. An attacker can craft malicious policy documents with circular references to cause a Denial of Service condition. Users are recommended to upgrade to version 3.2.2, which fixes this issue.
CVE-2026-28221 1 Wazuh 1 Wazuh 2026-04-30 6.5 Medium
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string() in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintf(dst_buf + 2*i, "%.2x", src_buf[i]) on platforms where char is treated as signed and the compiled code sign-extends bytes before the variadic call. For input bytes such as 0xFF, the formatting can emit "ffffffff" (8 chars) instead of "ff" (2 chars), causing an out-of-bounds write past a fixed 2049-byte stack buffer. The vulnerable path is reachable remotely prior to any agent authentication/registration logic via TCP/1514 when an oversized length prefix causes the “unexpected message (hex)” diagnostic path to run. Additionally, the same unauthenticated oversized-message diagnostic path logs an attacker-controlled hex dump to /var/ossec/logs/ossec.log for each trigger, allowing remote log amplification that can degrade monitoring fidelity and consume disk/I/O. This log amplification is reachable even without triggering the sign-extension overflow (e.g., using bytes < 0x80). This issue has been patched in version 4.14.4.
CVE-2025-25374 1 Nasa 1 Core Flight System 2026-04-30 7.5 High
In NASA cFS (Core Flight System) Aquila, it is possible to put the onboard software in a state that will prevent the launch of any external application, causing a platform denial of service.
CVE-2026-40980 2 Spring, Vmware 2 Spring, Spring Ai 2026-04-29 6.5 Medium
In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
CVE-2025-24126 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2026-04-29 9.8 Critical
An input validation issue was addressed. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to corrupt process memory.
CVE-2025-31245 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2026-04-29 5.5 Medium
The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5. An app may be able to cause unexpected system termination.
CVE-2026-34267 1 Oracle 1 Mysql Server 2026-04-29 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2026-34272 1 Oracle 1 Mysql Server 2026-04-29 6.5 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-24151 1 Apple 1 Macos 2026-04-29 5.5 Medium
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to cause unexpected system termination or corrupt kernel memory.
CVE-2026-34281 1 Oracle 1 Solaris 2026-04-29 6.5 Medium
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
CVE-2026-34304 1 Oracle 1 Mysql Server 2026-04-29 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2026-30350 1 Ibbybuilds 1 Aegra 2026-04-28 7.5 High
An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2026-41680 2 Marked Project, Markedjs 2 Marked, Marked 2026-04-28 7.5 High
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence, a tab, a vertical tab, and a newline (\x09\x0b\n), an unauthenticated attacker can trigger an infinite recursion loop during parsing. This leads to unbounded memory allocation, causing the host Node.js application to crash via Memory Exhaustion (OOM). This vulnerability is fixed in 18.0.2.
CVE-2023-49837 1 Davidartiss 1 Code Embed 2026-04-28 6.5 Medium
Uncontrolled Resource Consumption vulnerability in David Artiss Code Embed. This issue affects Code Embed: from n/a through 2.3.6.