Total
2684 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48989 | 2026-04-15 | N/A | 7.5 HIGH | ||
| A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages. | |||||
| CVE-2025-54884 | 2026-04-15 | N/A | N/A | ||
| Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the generateSecureId and getSecureRandomInt functions in security-kit versions prior to 3.5.0 (packaged in Vision UI 1.4.0 and below) are vulnerable to Denial of Service (DoS) attacks. The generateSecureId(length) function directly used the length parameter to size a Uint8Array buffer, allowing attackers to exhaust server memory through repeated requests for large IDs since the previous 1024 limit was insufficient. The getSecureRandomInt(min, max) function calculated buffer size based on the range between min and max, where large ranges caused excessive memory allocation and CPU-intensive rejection-sampling loops that could hang the thread. This issue is fixed in version 1.5.0. | |||||
| CVE-2024-47210 | 2026-04-15 | N/A | 8.8 HIGH | ||
| Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js. | |||||
| CVE-2025-54572 | 2026-04-15 | N/A | N/A | ||
| The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. This is fixed in version 1.18.1. | |||||
| CVE-2025-11149 | 2026-04-15 | N/A | 7.5 HIGH | ||
| This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. | |||||
| CVE-2023-7326 | 2026-04-15 | N/A | N/A | ||
| The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. A remote attacker can send a malformed request that triggers improper input parsing or memory handling, resulting in the printer process shutting down or powering off, causing a denial of service condition. | |||||
| CVE-2024-57082 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| A prototype pollution in the lib.createUploader function of @rpldy/uploader v1.8.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | |||||
| CVE-2024-5055 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes. | |||||
| CVE-2024-35185 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the REST ingester, Minder sends a request to an endpoint and will use the data from the body of the response as the data to evaluate against a certain rule. If the response is sufficiently large, it can drain memory on the machine and crash the Minder server. The attacker can control the remote REST endpoints that Minder sends requests to, and they can configure the remote REST endpoints to return responses with large bodies. They would then instruct Minder to send a request to their configured endpoint that would return the large response which would crash the Minder server. Version 0.0.49 fixes this issue. | |||||
| CVE-2024-54192 | 2026-04-15 | N/A | 5.5 MEDIUM | ||
| An issue inTcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c. | |||||
| CVE-2024-21823 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalation of privilege local access | |||||
| CVE-2026-33155 | 1 Qluster | 1 Deepdiff | 2026-04-14 | N/A | 7.5 HIGH |
| DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_TO_IMPORT have constructors that allocate memory proportional to their input (builtins.bytes, builtins.list, builtins.range). A 40-byte pickle payload can force 10+ GB of memory, which crashes applications that load delta objects or call pickle_load with untrusted data. This issue has been patched in version 8.6.2. | |||||
| CVE-2025-66453 | 1 Mozilla | 1 Rhino | 2026-04-14 | N/A | 7.5 HIGH |
| Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1. | |||||
| CVE-2025-67133 | 1 Heromotocorp | 2 Vida V1 Pro, Vida V1 Pro Firmware | 2026-04-14 | N/A | 7.5 HIGH |
| An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component | |||||
| CVE-2026-34593 | 1 Ash-hq | 1 Ash Framework | 2026-04-13 | N/A | 7.5 HIGH |
| Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.cast_input/2 unconditionally creates a new Erlang atom via Module.concat([value]) for any user-supplied binary string that starts with "Elixir.", before verifying whether the referenced module exists. Because Erlang atoms are never garbage-collected and the BEAM atom table has a hard default limit of approximately 1,048,576 entries, an attacker who can submit values to any resource attribute or argument of type :module can exhaust this table and crash the entire BEAM VM, taking down the application. This issue has been patched in version 3.22.0. | |||||
| CVE-2026-33459 | 1 Elastic | 1 Kibana | 2026-04-13 | N/A | 6.5 MEDIUM |
| Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent concurrently, the backend services become unstable, resulting in service disruption and deployment unavailability for all users. | |||||
| CVE-2026-4727 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-13 | N/A | 7.5 HIGH |
| Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||||
| CVE-2026-4726 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-13 | N/A | 7.5 HIGH |
| Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||||
| CVE-2026-4704 | 1 Mozilla | 1 Firefox | 2026-04-13 | N/A | 7.5 HIGH |
| Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. | |||||
| CVE-2026-0889 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-13 | N/A | 7.5 HIGH |
| Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147. | |||||