Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (6949 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-28717 1 Openstack 1 Storlets 2026-04-15 4.9 Medium
An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.
CVE-2025-14105 1 Tozed 2 Zlt M30s, Zlt M30s Pro 2026-04-15 4.3 Medium
A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/proc_post of the component Web Interface. Executing manipulation of the argument goformId with the input REBOOT_DEVICE can lead to denial of service. The attack can only be done within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-6202 2026-04-15 N/A
Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security. This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12.
CVE-2024-8939 1 Redhat 1 Enterprise Linux Ai 2026-04-15 6.2 Medium
A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several options. When this parameter is set to a large value, the API does not handle timeouts or resource exhaustion properly, allowing an attacker to cause a DoS by consuming excessive system resources. This leads to the API becoming unresponsive, preventing legitimate users from accessing the service.
CVE-2024-9135 2026-04-15 5.3 Medium
On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.
CVE-2024-5569 1 Redhat 5 Ansible Automation Platform, Openshift Ironic, Openstack and 2 more 2026-04-15 6.2 Medium
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
CVE-2022-32505 1 Nuki 2 Smart Lock V2, Smart Lock V3 Pro 2026-04-15 7.1 High
An issue was discovered on certain Nuki Home Solutions devices. It is possible to send multiple BLE malformed packets to block some of the functionality and reboot the device. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4.
CVE-2025-55014 1 Stardict 1 Stardict 2026-04-15 4.7 Medium
The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP.
CVE-2025-9341 1 Bouncycastle 1 Legion-of-the-bouncy-castle-fips-java-api 2026-04-15 6.2 Medium
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files org/bouncycastle/crypto/fips/AESNativeCBC.Java, org/bouncycastle/crypto/engines/AESNativeCBC.Java. This issue affects Bouncy Castle for Java FIPS: 2.1.0; Bouncy Castle for Java LTS: from 2.73.0 through 2.73.7.
CVE-2024-24783 1 Redhat 23 Advanced Cluster Security, Ansible Automation Platform, Ceph Storage and 20 more 2026-04-15 5.9 Medium
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
CVE-2025-9670 2026-04-15 5.3 Medium
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
CVE-2025-7462 1 Artifex 1 Ghostpdl 2026-04-15 4.3 Medium
A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The identifier of the patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended to apply a patch to fix this issue.
CVE-2025-2956 2026-04-15 6.5 Medium
A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0_ /1.0.8.S0_ and classified as problematic. This issue affects the function plugins_call_handle_uri_raw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-13058 1 Softiron 1 Hypercloud 2026-04-15 N/A
An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.
CVE-2024-6126 1 Redhat 1 Enterprise Linux 2026-04-15 3.2 Low
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
CVE-2024-6501 1 Redhat 2 Enterprise Linux, Openshift 2026-04-15 3.1 Low
A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service.
CVE-2025-50057 2026-04-15 N/A
A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to service via the search feature.
CVE-2024-0760 1 Isc 1 Bind 2026-04-15 7.5 High
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
CVE-2025-2957 2026-04-15 6.5 Medium
A vulnerability was found in TRENDnet TEW-411BRP+ 2.07. It has been classified as problematic. Affected is the function sub_401DB0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-50966 2026-04-15 5.3 Medium
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.