Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) tha
Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocati
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to ente
Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a `DELETE` request with their current password in a query parameter will
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a res
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with
An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver.This issue affects OTRS:
Mastodon is a free, open-source social network server based on ActivityPub Mastodon which facilitates LDAP configuration for authentication. In versions 3.1.5 through 4.2.24, 4.3.0 through 4.3.11 and
A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due
Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picot
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote p
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request
A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnera
Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or contr
TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CON
Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limit
An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris‑style denial‑of‑servi
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 dow
Page 1+ Next →