Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This al…

It is possible to construct a zone such that some queries to it will generate responses contain…

body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of …

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Secur…

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.2…

nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denia…

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using eith…

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. Whe…

fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a d…

A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixe…

An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC manag…

IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 IBM MQ Container Developer Edition is vulnerab…

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using eith…

Misskey is an open source, federated social media platform. In affected versions FileServerServ…

An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, …

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susc…

OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voic…

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhoo…

Marshmallow is a lightweight library for converting complex objects to and from simple Python d…

An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on th…

OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted …

This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confl…

IBM InfoSphere Information Server could allow an authenticated user to consume file space resou…

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to ve…

Querying for records within a specially crafted zone containing certain malformed DNSKEY record…

HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial o…

SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted re…

SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privi…

A series of specifically crafted, unauthenticated messages can exhaust available memory and cra…

SAPUI5 (and OpenUI5) packages use outdated 3rd party libraries with known security vulnerabilit…

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY re…

Fulcio is a free-to-use certificate authority for issuing code signing certificates for an Open…

Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials Ge…

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify …

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify …

SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacke…

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Func…

Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.

Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of s…