Total
2684 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-4926 | 1 Pillarjs | 1 Path-to-regexp | 2026-04-16 | N/A | 7.5 HIGH |
| Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly brace syntax), such as `{a}{b}{c}:z`. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of sequential optional groups in route patterns. Avoid passing user-controlled input as route patterns. | |||||
| CVE-2026-34230 | 1 Rack | 1 Rack | 2026-04-16 | N/A | 5.3 MEDIUM |
| Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.select_best_encoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard (*) entries. Because this method is used by Rack::Deflater to choose a response encoding, an unauthenticated attacker can send a single request with a crafted Accept-Encoding header and cause disproportionate CPU consumption on the compression middleware path. This results in a denial of service condition for applications using Rack::Deflater. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6. | |||||
| CVE-2026-34826 | 1 Rack | 1 Rack | 2026-04-16 | N/A | 5.3 MEDIUM |
| Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.get_byte_ranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the file size, it does not restrict the count of ranges. An attacker can supply many small overlapping ranges such as 0-0,0-0,0-0,... to trigger disproportionate CPU, memory, I/O, and bandwidth consumption per request. This results in a denial of service condition in Rack file-serving paths that process multipart byte range responses. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6. | |||||
| CVE-2026-34829 | 1 Rack | 1 Rack | 2026-04-16 | N/A | 7.5 HIGH |
| Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT_LENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size limit. For file parts, the uploaded body is written directly to a temporary file on disk rather than being constrained by the buffered in-memory upload limit. An unauthenticated attacker can therefore stream an arbitrarily large multipart file upload and consume unbounded disk space. This results in a denial of service condition for Rack applications that accept multipart form data. This issue has been patched in versions 2.2.23, 3.1.21, and 3.2.6. | |||||
| CVE-2026-27307 | 1 Adobe | 1 Coldfusion | 2026-04-16 | N/A | 2.4 LOW |
| ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of this issue does not require user interaction. | |||||
| CVE-2026-27308 | 1 Adobe | 1 Coldfusion | 2026-04-16 | N/A | 2.4 LOW |
| ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of this issue does not require user interaction. | |||||
| CVE-2004-1464 | 1 Cisco | 1 Ios | 2026-04-16 | 5.0 MEDIUM | 5.9 MEDIUM |
| Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port. | |||||
| CVE-2026-35406 | 1 Containers | 1 Aardvark-dns | 2026-04-16 | N/A | 6.2 MEDIUM |
| Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1. | |||||
| CVE-2003-0714 | 1 Microsoft | 1 Exchange Server | 2026-04-16 | 7.5 HIGH | N/A |
| The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000. | |||||
| CVE-2002-0368 | 1 Microsoft | 1 Exchange Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources." | |||||
| CVE-2005-2309 | 1 Opera | 1 Opera Browser | 2026-04-16 | 5.0 MEDIUM | N/A |
| Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using random.jpg. | |||||
| CVE-1999-0159 | 1 Cisco | 1 Ios | 2026-04-16 | 5.0 MEDIUM | 3.5 LOW |
| Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases. | |||||
| CVE-2002-1873 | 1 Microsoft | 1 Exchange Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls. | |||||
| CVE-2001-0666 | 1 Microsoft | 1 Exchange Server | 2026-04-16 | 2.1 LOW | N/A |
| Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox. | |||||
| CVE-2005-1260 | 4 Apple, Bzip, Canonical and 1 more | 4 Mac Os X, Bzip2, Ubuntu Linux and 1 more | 2026-04-16 | 5.0 MEDIUM | N/A |
| bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). | |||||
| CVE-2004-1201 | 1 Opera | 1 Opera Browser | 2026-04-16 | 5.0 MEDIUM | N/A |
| Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | |||||
| CVE-2005-0738 | 1 Microsoft | 1 Exchange Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls. | |||||
| CVE-2002-1876 | 1 Microsoft | 1 Exchange Server | 2026-04-16 | 2.1 LOW | N/A |
| Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS. | |||||
| CVE-2001-0827 | 1 Grant Averett | 1 Ceberus Ftp Server | 2026-04-16 | 5.0 MEDIUM | 7.5 HIGH |
| Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests. | |||||
| CVE-2006-1364 | 1 Microsoft | 1 Asp.net | 2026-04-16 | 7.8 HIGH | 7.5 HIGH |
| Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path. | |||||