Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-56151

Summary
Assigner-elastic
Assigner Org ID-271b6943-45a9-4f3a-ab4e-976f3fa05b5a
Published At-01 Jul, 2026 | 16:29
Updated At-01 Jul, 2026 | 17:25
Rejected At-
Credits

Improper Input Validation in Kibana Leading to Denial of Service

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:elastic
Assigner Org ID:271b6943-45a9-4f3a-ab4e-976f3fa05b5a
Published At:01 Jul, 2026 | 16:29
Updated At:01 Jul, 2026 | 17:25
Rejected At:
▼CVE Numbering Authority (CNA)
Improper Input Validation in Kibana Leading to Denial of Service

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.

Affected Products
Vendor
Elasticsearch BVElastic
Product
Kibana
Default Status
unaffected
Versions
Affected
  • From 9.0.0 through 9.3.5 (semver)
  • From 8.0.0 through 8.19.16 (semver)
  • From 9.4.0 through 9.4.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-153CAPEC-153 Input Data Manipulation
CAPEC ID: CAPEC-153
Description: CAPEC-153 Input Data Manipulation
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://discuss.elastic.co/t/kibana-8-19-17-9-3-6-9-4-3-security-update-esa-2026-45
N/A
Hyperlink: https://discuss.elastic.co/t/kibana-8-19-17-9-3-6-9-4-3-security-update-esa-2026-45
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@elastic.co
Published At:01 Jul, 2026 | 17:16
Updated At:02 Jul, 2026 | 16:09

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Elasticsearch BV
elastic
>>kibana>>Versions from 8.0.0(inclusive) to 8.19.17(exclusive)
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Elasticsearch BV
elastic
>>kibana>>Versions from 9.0.0(inclusive) to 9.3.6(exclusive)
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Elasticsearch BV
elastic
>>kibana>>Versions from 9.4.0(inclusive) to 9.4.3(exclusive)
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondarysecurity@elastic.co
CWE ID: CWE-20
Type: Secondary
Source: security@elastic.co
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://discuss.elastic.co/t/kibana-8-19-17-9-3-6-9-4-3-security-update-esa-2026-45security@elastic.co
Vendor Advisory
Hyperlink: https://discuss.elastic.co/t/kibana-8-19-17-9-3-6-9-4-3-security-update-esa-2026-45
Source: security@elastic.co
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

188Records found

CVE-2023-20525
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.60% / 44.52%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 20:57
Updated-07 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_7702_firmwareepyc_7343_firmwareepyc_7453epyc_7702p_firmwareepyc_7413_firmwareepyc_7f52epyc_7302epyc_7232p_firmwareepyc_7302_firmwareepyc_7443epyc_7542epyc_7763_firmwareepyc_7513epyc_7373x_firmwareepyc_7352epyc_7573x_firmwareepyc_7f32epyc_7302p_firmwareepyc_7742epyc_7252epyc_7542_firmwareepyc_7262epyc_7773x_firmwareepyc_72f3_firmwareepyc_7443p_firmwareepyc_7402epyc_7702pepyc_7443pepyc_7h12_firmwareepyc_75f3epyc_7443_firmwareepyc_7642_firmwareepyc_7f32_firmwareepyc_7552_firmwareepyc_7313pepyc_7402pepyc_7543pepyc_7f72_firmwareepyc_7642epyc_7532epyc_7502p_firmwareepyc_7573xepyc_7272_firmwareepyc_7663_firmwareepyc_7763epyc_7413epyc_7643epyc_7502epyc_7h12epyc_7f72epyc_7743_firmwareepyc_7643_firmwareepyc_72f3epyc_7262_firmwareepyc_7352_firmwareepyc_74f3_firmwareepyc_7532_firmwareepyc_7502_firmwareepyc_7543_firmwareepyc_7402p_firmwareepyc_7373xepyc_7232pepyc_7282_firmwareepyc_7743epyc_7452epyc_7452_firmwareepyc_7302pepyc_73f3_firmwareepyc_7702epyc_7543p_firmwareepyc_7663epyc_7773xepyc_7543epyc_7f52_firmwareepyc_7313p_firmwareepyc_7662_firmwareepyc_7252_firmwareepyc_7002_firmwareepyc_7313epyc_7003epyc_7003_firmwareepyc_7002epyc_7313_firmwareepyc_7402_firmwareepyc_74f3epyc_75f3_firmwareepyc_7343epyc_7272epyc_7662epyc_7713p_firmwareepyc_7713pepyc_73f3epyc_7713_firmwareepyc_7453_firmwareepyc_7552epyc_7502pepyc_7713epyc_7742_firmwareepyc_7282epyc_7513_firmware3rd Gen EPYC2nd Gen EPYC
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16152
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.38% / 69.07%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 15:27
Updated-25 Oct, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated.

Action-Not Available
Vendor-Fortinet, Inc.
Product-forticlientFortinet FortiClientLinux
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15276
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-46.30% / 98.68%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 03:12
Updated-21 Nov, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability

A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-wireless_lan_controller_softwareCisco Wireless LAN Controller (WLC)
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16027
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-1.51% / 71.65%
||
7 Day CHG~0.00%
Published-26 Jan, 2020 | 04:31
Updated-15 Nov, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR Software Intermediate System–to–Intermediate System Denial of Service Vulnerability

A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-xrv_9000ncs_5001ncs_5002asr_9010ncs_5516ncs_6000xr_12416xr_12410asr_9006crsncs_540xr_12406ios_xrxr_12404ncs_5500ncs_5508asr_9903ncs_5501asr_9000ncs_560ncs_5011asr_9001asr_9000vncs_6008asr_9910asr_9906asr_9920asr_9904asr_9912asr_9922ncs_5502asr_9901Cisco IOS XR Software
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4530
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-1.41% / 69.74%
||
7 Day CHG~0.00%
Published-19 Jun, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message.

Action-Not Available
Vendor-osisoftn/a
Product-pi_sql_data_access_server_2016n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-40593
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-0.32% / 24.41%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-16 Dec, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0). The affected application allows to control the device by storing arbitrary files in the SFTP folder of the device. This could allow an attacker to cause a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-simatic_cn_4100_firmwaresimatic_cn_4100SIMATIC CN 4100
CWE ID-CWE-20
Improper Input Validation
CVE-2025-3898
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.1||HIGH
EPSS-0.44% / 35.77%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 08:22
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.

Action-Not Available
Vendor-Schneider Electric SE
Product-Modicon Controllers M241/M251Modicon Controllers M262
CWE ID-CWE-20
Improper Input Validation
CVE-2022-47392
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.86% / 54.51%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 10:01
Updated-17 Jul, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to Improper Input Validation

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-20
Improper Input Validation
CVE-2023-50308
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.77% / 51.64%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 18:44
Updated-10 Jun, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-linux_kerneldb2linux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2021-32666
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.92% / 56.33%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 21:35
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Asset DoS vulnerability

wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile picture and it contains the " character, it will cause the iOS client to crash. The vulnerability is patched in wire-ios version 3.8.1.

Action-Not Available
Vendor-wirewireapp
Product-wirewire-ios
CWE ID-CWE-20
Improper Input Validation
CVE-2025-3116
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.1||HIGH
EPSS-0.39% / 30.82%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 08:34
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller.

Action-Not Available
Vendor-Schneider Electric SE
Product-Modicon Controllers M258 / LMC058Modicon Controllers M241/M251
CWE ID-CWE-20
Improper Input Validation
CVE-2024-6436
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-8.7||HIGH
EPSS-0.63% / 46.18%
||
7 Day CHG~0.00%
Published-27 Sep, 2024 | 19:45
Updated-22 Oct, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation Input Validation Vulnerability exists in the SequenceManager™ Server

An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service condition. If exploited, the device would become unresponsive, and a manual restart will be required for recovery. Additionally, if exploited, there could be a loss of view for the downstream equipment sequences in the controller. Users would not be able to view the status or command the equipment sequences, however the equipment sequence would continue to execute uninterrupted.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-sequencemanagerSequenceManager™sequencemanager
CWE ID-CWE-20
Improper Input Validation
CVE-2025-32079
Matching Score-4
Assigner-The Wikimedia Foundation
ShareView Details
Matching Score-4
Assigner-The Wikimedia Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.37% / 29.23%
||
7 Day CHG+0.03%
Published-11 Apr, 2025 | 16:24
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Saving the right content to MediaWiki:GrowthMentors.json can take down the site

Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments allows HTTP DoS.This issue affects Mediawiki - GrowthExperiments: from 1.39 through 1.43.

Action-Not Available
Vendor-Wikimedia Foundation
Product-Mediawiki - GrowthExperiments
CWE ID-CWE-20
Improper Input Validation
CVE-2025-29968
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.62% / 73.46%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-13 Feb, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Active Directory Certificate Services (AD CS) Denial of Service Vulnerability

Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2022_23h2windows_server_2019windows_server_2008windows_server_2022Windows Server 2022Windows Server 2008 R2 Service Pack 1Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7855
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-31.07% / 98.06%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxSiemens AGNetApp, Inc.
Product-data_ontaptim_4r-iedebian_linuxtim_4r-ie_dnp3_firmwareoncommand_performance_managerntptim_4r-ie_dnp3clustered_data_ontaponcommand_balanceoncommand_unified_managertim_4r-ie_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-29507
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.75% / 50.81%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 21:00
Updated-03 Aug, 2024 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
dlt-daemon could crash if there is special character in dlt.conf

GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication, no patch exists. As a workaround, one may check the integrity of information in configuration file manually.

Action-Not Available
Vendor-geniviGENIVI
Product-diagnostic_log_and_tracedlt-daemon
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43908
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 45.05%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 01:56
Updated-21 Oct, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium denial of service

IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-20
Improper Input Validation
CVE-2015-7702
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-5.21% / 91.56%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

Action-Not Available
Vendor-ntpn/aOracle CorporationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-data_ontapdebian_linuxenterprise_linux_serverenterprise_linux_workstationoncommand_performance_managerntpenterprise_linux_desktopenterprise_linux_server_tusclustered_data_ontapenterprise_linux_server_euslinuxenterprise_linux_server_ausoncommand_unified_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43903
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 45.05%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 23:49
Updated-26 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Security Guardium denial of service

IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to due to improper input validation. IBM X-Force ID: 240894.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-20
Improper Input Validation
CVE-2025-26489
Matching Score-4
Assigner-EU Agency for Cybersecurity (ENISA)
ShareView Details
Matching Score-4
Assigner-EU Agency for Cybersecurity (ENISA)
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 21.01%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 08:56
Updated-22 Dec, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in Netconf service in Infinera MTC-9

Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.

Action-Not Available
Vendor-InfineraNokia Corporation
Product-infinera_mtc-9_firmwareinfinera_mtc-9MTC-9
CWE ID-CWE-20
Improper Input Validation
CVE-2025-24319
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.1||HIGH
EPSS-0.38% / 29.84%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 17:31
Updated-04 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Next Central Manager vulnerability

When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_next_central_managerBIG-IP Next Central Manager
CWE ID-CWE-20
Improper Input Validation
CVE-2022-43919
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.71% / 49.39%
||
7 Day CHG~0.00%
Published-05 May, 2023 | 14:24
Updated-29 Jan, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354.

Action-Not Available
Vendor-IBM Corporation
Product-mq_applianceMQ
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26251
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 42.83%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-openvinoIntel(R) Distribution of OpenVINO(TM) Toolkit
CWE ID-CWE-20
Improper Input Validation
CVE-2026-46357
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.00%
||
7 Day CHG~0.00%
Published-05 Jun, 2026 | 19:21
Updated-09 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HAX CMS NodeJS application Vulnerable to Denial of Service using Malicious Import Request

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service. Version 26.0.0 fixes the issue.

Action-Not Available
Vendor-haxtheweb
Product-haxcms-nodejs
CWE ID-CWE-20
Improper Input Validation
CVE-2023-37554
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.65%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 11:05
Updated-11 Oct, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Improper Input Validation in CmpAppBP

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37555 and CVE-2023-37556.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_for_pfc100_slcontrol_runtime_system_toolkithmicontrol_for_beaglebone_slsafety_sil2control_for_linux_slcontrol_for_pfc200_slcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Development System V3CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-37549
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.65%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 11:02
Updated-11 Oct, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Improper Input Validation in CmpApp component

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37550

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_for_pfc100_slcontrol_runtime_system_toolkithmicontrol_for_beaglebone_slsafety_sil2control_for_linux_slcontrol_for_pfc200_slcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Development System V3CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-37553
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.65%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 11:04
Updated-11 Oct, 2024 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Improper Input Validation in CmpAppBP

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_for_pfc100_slcontrol_runtime_system_toolkithmicontrol_for_beaglebone_slsafety_sil2control_for_linux_slcontrol_for_pfc200_slcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Development System V3CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3439
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.79% / 75.97%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 20:00
Updated-07 Aug, 2024 | 03:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

Action-Not Available
Vendor-cor-entertainmentalien-arenaDebian GNU/LinuxFedora Project
Product-alien-arenadebian_linuxfedoraalien-arena
CWE ID-CWE-20
Improper Input Validation
CVE-2023-37547
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.65%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 11:01
Updated-11 Oct, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Improper Input Validation in CmpApp component

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_for_pfc100_slcontrol_runtime_system_toolkithmicontrol_for_beaglebone_slsafety_sil2control_for_linux_slcontrol_for_pfc200_slcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Development System V3CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-34390
Matching Score-4
Assigner-Schweitzer Engineering Laboratories, Inc.
ShareView Details
Matching Score-4
Assigner-Schweitzer Engineering Laboratories, Inc.
CVSS Score-4.5||MEDIUM
EPSS-0.66% / 47.63%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 16:54
Updated-02 Aug, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation could lead to denial of service

An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services. See product Instruction Manual Appendix A dated 20230830 for more details.

Action-Not Available
Vendor-Schweitzer Engineering Laboratories, Inc. (SEL)
Product-sel-451sel-451_firmwareSEL-451
CWE ID-CWE-20
Improper Input Validation
CVE-2024-55653
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.59% / 44.47%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 22:56
Updated-18 Apr, 2025 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pwndoc's UnhandledPromiseRejection on audits causes Denial of Service (DoS)

PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a `UnhandledPromiseRejection` on audits which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rejection. With the backend being unresponsive, the whole application becomes unusable for all users of the application. As of time of publication, no known patches are available.

Action-Not Available
Vendor-pwndoc_projectpwndoc
Product-pwndocpwndoc
CWE ID-CWE-20
Improper Input Validation
CVE-2009-5004
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.56% / 83.33%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 03:01
Updated-07 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use .

Action-Not Available
Vendor-qpid-cppThe Apache Software Foundation
Product-qpid-cppqpid-cpp
CWE ID-CWE-20
Improper Input Validation
CVE-2025-20389
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 29.35%
||
7 Day CHG~0.00%
Published-03 Dec, 2025 | 17:00
Updated-05 Dec, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in "label" column field in Splunk Secure Gateway App

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `label` column field after adding a new device in the Splunk Secure Gateway app. This could potentially lead to a client-side denial of service (DoS).

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunk_secure_gatewaysplunk_cloud_platformsplunkSplunk Secure GatewaySplunk EnterpriseSplunk Cloud Platform
CWE ID-CWE-20
Improper Input Validation
CVE-2018-14661
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.66% / 83.97%
||
7 Day CHG~0.00%
Published-31 Oct, 2018 | 20:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.

Action-Not Available
Vendor-glusterThe Gluster ProjectDebian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverdebian_linuxvirtualizationenterprise_linuxvirtualization_hostglusterfsglusterfs-server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2022-41861
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.10% / 62.05%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 00:00
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.

Action-Not Available
Vendor-n/aFreeRADIUS
Product-freeradiusfreeradius
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2018-11782
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-2.42% / 82.34%
||
7 Day CHG~0.00%
Published-26 Sep, 2019 | 15:55
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-subversionApache Subversion
CWE ID-CWE-20
Improper Input Validation
CVE-2022-41606
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.72% / 49.63%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-20 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-nomadn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-42012
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.31% / 67.44%
||
7 Day CHG~0.00%
Published-09 Oct, 2022 | 00:00
Updated-09 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.

Action-Not Available
Vendor-n/aFedora Projectfreedesktop.org
Product-fedoradbusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2025-11933
Matching Score-4
Assigner-wolfSSL Inc.
ShareView Details
Matching Score-4
Assigner-wolfSSL Inc.
CVSS Score-2.3||LOW
EPSS-0.40% / 32.60%
||
7 Day CHG~0.00%
Published-21 Nov, 2025 | 22:19
Updated-08 Dec, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS Vulnerability in wolfSSL TLS 1.3 CKS Extension

Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions.

Action-Not Available
Vendor-wolfsslwofSSLApple Inc.Linux Kernel Organization, Inc
Product-macoslinux_kernelwolfsslwolfSSL
CWE ID-CWE-20
Improper Input Validation
CVE-2025-10061
Matching Score-4
Assigner-MongoDB, Inc.
ShareView Details
Matching Score-4
Assigner-MongoDB, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 20.86%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 20:48
Updated-13 Nov, 2025 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Malformed $group Query May Cause MongoDB Server to Crash

An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operation. This vulnerability could lead to denial of service if triggered repeatedly. This issue affects MongoDB Server v6.0 versions prior to 6.0.25, MongoDB Server v7.0 versions prior to 7.0.22, MongoDB Server v8.0 versions prior to 8.0.12 and MongoDB Server v8.1 versions prior to 8.1.2

Action-Not Available
Vendor-MongoDB, Inc.
Product-mongodbMongoDB Server
CWE ID-CWE-20
Improper Input Validation
CVE-2022-39232
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.98% / 58.38%
||
7 Day CHG~0.00%
Published-29 Sep, 2022 | 20:15
Updated-23 Apr, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse vulnerable to incomplete quote causing a topic to crash in the browser

Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-20
Improper Input Validation
CVE-2022-40235
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.60% / 45.00%
||
7 Day CHG~0.00%
Published-03 Nov, 2022 | 00:00
Updated-02 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

"IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725."

Action-Not Available
Vendor-n/aIBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-aixinfosphere_information_serverwindowslinux_kernelIBM InfoSphere Information Server
CWE ID-CWE-20
Improper Input Validation
CVE-2022-39346
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.5||LOW
EPSS-0.99% / 58.60%
||
7 Day CHG~0.00%
Published-25 Nov, 2022 | 00:00
Updated-23 Apr, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing length validation of user displayname in nextcloud server

Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.

Action-Not Available
Vendor-Fedora ProjectNextcloud GmbH
Product-nextcloud_enterprise_serverfedoranextcloud_serversecurity-advisories
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-39281
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.41% / 69.73%
||
7 Day CHG~0.00%
Published-08 Oct, 2022 | 00:00
Updated-23 Apr, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Denial of Service via Tasks endpoint in fat_free_crm

fat_free_crm is a an open source, Ruby on Rails customer relationship management platform (CRM). In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit `c85a254` and will be available in release `0.20.1`. Users are advised to upgrade or to manually apply patch `c85a254`. There are no known workarounds for this issue.

Action-Not Available
Vendor-fatfreecrmfatfreecrm
Product-fatfreecrmfat_free_crm
CWE ID-CWE-20
Improper Input Validation
CVE-2023-22470
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.5||LOW
EPSS-0.66% / 47.60%
||
7 Day CHG~0.00%
Published-14 Jan, 2023 | 00:32
Updated-10 Mar, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nextcloud Deck vulnerable to uncontrolled resource consumption

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that the Nextcloud Server is upgraded to 1.6.5 or 1.7.3 or 1.8.2.

Action-Not Available
Vendor-Nextcloud GmbH
Product-decksecurity-advisories
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1570
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.79% / 52.02%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 17:45
Updated-07 Nov, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Jabber Desktop and Mobile Client Software Vulnerabilities

Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-jabberCisco Jabber
CWE ID-CWE-399
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2016-6170
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-40.54% / 98.49%
||
7 Day CHG~0.00%
Published-06 Jul, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.

Action-Not Available
Vendor-n/aInternet Systems Consortium, Inc.Red Hat, Inc.
Product-bindenterprise_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-34851
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.66% / 47.41%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 17:47
Updated-17 Sep, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2022-34851

In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_application_acceleration_managerbig-ip_link_controllerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-iq_centralized_managementbig-ip_global_traffic_managerbig-ip_analyticsbig-ip_access_policy_managerbig-ip_domain_name_systembig-ip_local_traffic_managerbig-ip_advanced_firewall_managerbig-ip_application_security_managerBIG-IQ Centralized ManagementBIG-IP
CWE ID-CWE-20
Improper Input Validation
CVE-2022-3429
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 39.10%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 18:57
Updated-09 Sep, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.

Action-Not Available
Vendor-Lenovo Group Limited
Product-gm266dns_firmwaregm266dnsg263dns_firmwareg263dnsgm265dngm265dn_firmwarePrinter GM265DN (production date July 2022 and later)Printer GM266DNSPrinter GM265DN (production date June 2022 and before)Printer G263DNS
CWE ID-CWE-20
Improper Input Validation
CVE-2024-7507
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-8.7||HIGH
EPSS-0.50% / 39.48%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 19:35
Updated-04 Mar, 2025 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Controller Denial-of-Service Vulnerability via Input Validation

CVE-2024-7507 IMPACT A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-compactlogix_5480compactlogix_5380controllogix_5580_firmwarecontrollogix_5580compact_guardlogix_5380_sil_3_firmwarecompact_guardlogix_5380_sil_3compactlogix_5380_firmwarecompact_guardlogix_5380_sil_2_firmwareguardlogix_5580_firmwarecompactlogix_5480_firmwareguardlogix_5580compact_guardlogix_5380_sil_2CompactLogix 5380 (5069 – L3z)CompactLogix 5480 (5069-L4)Compact GuardLogix 5380 (5069- L3zS2)GuardLogix 5580 (1756-L8z)ControlLogix® 5580 (1756 –L8z)controllogix_5580_firmwarecompactlogix_5480_firmwareguardlogix_5580_firmwarecontrollogix_5380_firmwarecompact_guardlogix_5380_firmware
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found