Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-56151

Summary
Assigner-elastic
Assigner Org ID-271b6943-45a9-4f3a-ab4e-976f3fa05b5a
Published At-01 Jul, 2026 | 16:29
Updated At-01 Jul, 2026 | 17:25
Rejected At-
Credits

Improper Input Validation in Kibana Leading to Denial of Service

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:elastic
Assigner Org ID:271b6943-45a9-4f3a-ab4e-976f3fa05b5a
Published At:01 Jul, 2026 | 16:29
Updated At:01 Jul, 2026 | 17:25
Rejected At:
▼CVE Numbering Authority (CNA)
Improper Input Validation in Kibana Leading to Denial of Service

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.

Affected Products
Vendor
Elasticsearch BVElastic
Product
Kibana
Default Status
unaffected
Versions
Affected
  • From 9.0.0 through 9.3.5 (semver)
  • From 8.0.0 through 8.19.16 (semver)
  • From 9.4.0 through 9.4.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-153CAPEC-153 Input Data Manipulation
CAPEC ID: CAPEC-153
Description: CAPEC-153 Input Data Manipulation
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://discuss.elastic.co/t/kibana-8-19-17-9-3-6-9-4-3-security-update-esa-2026-45
N/A
Hyperlink: https://discuss.elastic.co/t/kibana-8-19-17-9-3-6-9-4-3-security-update-esa-2026-45
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@elastic.co
Published At:01 Jul, 2026 | 17:16
Updated At:02 Jul, 2026 | 16:09

Improper Input Validation (CWE-20) in Kibana can lead to a denial of service via Input Data Manipulation (CAPEC-153). An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality unavailable.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Elasticsearch BV
elastic
>>kibana>>Versions from 8.0.0(inclusive) to 8.19.17(exclusive)
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Elasticsearch BV
elastic
>>kibana>>Versions from 9.0.0(inclusive) to 9.3.6(exclusive)
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Elasticsearch BV
elastic
>>kibana>>Versions from 9.4.0(inclusive) to 9.4.3(exclusive)
cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Secondarysecurity@elastic.co
CWE ID: CWE-20
Type: Secondary
Source: security@elastic.co
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://discuss.elastic.co/t/kibana-8-19-17-9-3-6-9-4-3-security-update-esa-2026-45security@elastic.co
Vendor Advisory
Hyperlink: https://discuss.elastic.co/t/kibana-8-19-17-9-3-6-9-4-3-security-update-esa-2026-45
Source: security@elastic.co
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

188Records found

CVE-2022-31772
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.71% / 49.39%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 18:56
Updated-01 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM MQ denial of service

IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationOracle CorporationHP Inc.IBM Corporation
Product-solarislinux_kernelihp-uxlinux_on_ibm_zwindowsmqaixMQ
CWE ID-CWE-20
Improper Input Validation
CVE-2019-8737
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.86% / 54.33%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 19:43
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged position may be able to perform a denial of service attack.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29892
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-1.00% / 58.76%
||
7 Day CHG~0.00%
Published-04 Jul, 2022 | 06:56
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).

Action-Not Available
Vendor-Cybozu, Inc.
Product-garoonCybozu Garoon
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29494
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.64% / 46.71%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-xeon_gold_6330hxeon_platinum_8368qopenbmcxeon_platinum_8358xeon_gold_5318hxeon_gold_5315yxeon_silver_4310xeon_platinum_8376hlxeon_gold_5317xeon_gold_5320hxeon_platinum_8362xeon_gold_5320xeon_gold_6334xeon_platinum_8360yxeon_platinum_8354hxeon_platinum_8356hxeon_platinum_8380hxeon_gold_6338xeon_platinum_8360hlxeon_gold_6338txeon_gold_6346c627axeon_gold_6342xeon_platinum_8376hc621axeon_gold_5318sxeon_gold_6330xeon_platinum_8352yxeon_silver_4309yxeon_gold_6338nxeon_platinum_8368xeon_gold_5320txeon_gold_6314uxeon_platinum_8352sxeon_gold_5318yxeon_gold_6326xeon_platinum_8360hxeon_silver_4310txeon_gold_6312uxeon_gold_6328hc741xeon_platinum_8380xeon_gold_6348xeon_gold_6354xeon_gold_6330nxeon_silver_4316xeon_platinum_8351nxeon_gold_6328hlxeon_platinum_8352mc629axeon_gold_5318nxeon_platinum_8353hxeon_platinum_8358pxeon_platinum_8380hlxeon_silver_4314xeon_gold_6348hxeon_platinum_8352vxeon_gold_6336yOpenBMC
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28199
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.88% / 77.12%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 16:20
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-data_plane_development_kitwindowslinux_kernelNVIDIA FLARE
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24952
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.26% / 66.33%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC socket.

Action-Not Available
Vendor-eternal_terminal_projectJason Gauci
Product-eternal_terminalEternal Terminal
CWE ID-CWE-20
Improper Input Validation
CVE-2024-54011
Matching Score-4
Assigner-Hanwha Vision Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Hanwha Vision Co., Ltd.
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 15.05%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 06:51
Updated-27 Jun, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Error/Exception Handling

Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.

Action-Not Available
Vendor-hanwhavisionHanwha Vision
Product-xnf-8010rvm_firmwareqnv-c6083rqnp-6250h_firmwarexnz-6320a_firmwarexnf-9010rsxnb-6002qnp-6320_firmwarexnp-6320_firmwarexnv-6010xnp-6341rhqno-c8083rxnv-6020rqno-c9083r_firmwareknd-2080rnxno-6080rqnv-c6083r_firmwarexnv-6081r_firmwareqnp-6320rxnd-k6080nqno-c8023rpnm-9000vq_firmwarexnp-8300rwtnv-c7013rc_firmwareqnv-c8012xnp-6320hspnm-9002vqxno-8080rwxnv-8083rvxxnd-8081rvxnv-6081zxnv-6080rsaxnp-6321xnd-6011fxnp-6320hpnm-9084rqz_firmwarexnd-6081rev_firmwarepnv-a9081r_firmwarexnv-6081re_firmwarexnp-6320h_firmwarepnm-9085rqz_firmwarexnz-l6320a_firmwarexnp-9250qnv-c8013r_firmwarexnv-6123rxno-6123r_firmwarexnv-8082rxnd-c7083rv_firmwarexnb-9003_firmwareqnd-c8023r_firmwarexnd-8082rv_firmwarexno-8040r_firmwarexnd-8081rf_firmwarexnd-6085xnd-k6080n_firmwarexnv-6011w_firmwarexno-8020r_firmwarexnd-8081rev_firmwarexno-c8083rxnv-6011xnf-8010rvw_firmwarexnv-8083rxxnv-9083rz_firmwarexnd-6080rwxnf-8010rvmxnf-8010rvwxnv-6083rzxnd-6085_firmwarexno-c8083r_firmwarexnv-6080rxnv-8083rxnf-9010rv_firmwarexno-8080rxnv-l6080atnv-c8011rwxnv-6080rw_firmwaretnv-7010rc_firmwareqnf-c9010knp-2550rha_firmwarexnb-9003xno-9082rz_firmwarepnm-9000vdxnd-8083rv_firmwareknb-2000pnm-9321vqpxnv-8083rz_firmwarexnz-6320_firmwarepnv-a9081rqnp-6230h_firmwareqnv-c8023rqno-c8023r_firmwareqnp-6320r_firmwareknp-2120hnxnv-8083rx_firmwareknb-5000nknp-2320rh_firmwarexnv-c7083r_firmwarexnd-l6080rxnp-6400_firmwarekno-2010rn_firmwarexnp-6320rhqnp-6230hqnv-c9083rpnm-9002vq_firmwarexnp-c9253_firmwarexnp-6321h_firmwarexnp-6341rh_firmwarexno-8083rxnv-6080_firmwarexnd-9083rv_firmwarexnd-l6020r_firmwarexnv-8080r_firmwareqnp-6250xnd-8081rv_firmwarexnv-c7083rxnp-6400rw_firmwarexno-c7083rxnf-8010rvmnbxnp-6371rh_firmwarexnv-6081rexnd-8080rv_firmwarexnv-6013m_firmwarexno-8080rw_firmwarexnp-c9253r_firmwareqnv-c8083rxnv-l6080_firmwarexnv-6080rwxnp-c6403rwpnm-7000vdqne-c9013rlxnv-6080xnd-8093rv_firmwarexnd-6081fzxnd-8040r_firmwarexnd-8040rxnd-8093rvxnp-8250xnp-c9253rxnv-6083rqnp-6250hxnp-c6403xnf-8010rvmnb_firmwarexnv-8083rvx_firmwarepnm-9080vq_firmwarexnp-6400rxnd-l6080rvaxnd-9082rfpnm-9321vqp_firmwarekno-5020rn_firmwarexno-8080r_firmwarexno-6010r_firmwarexnf-9010rvmxnv-l6080rxnv-6083z_firmwarexnd-8081vz_firmwarexnp-c8253rxnd-6081f_firmwareknd-2010_firmwarexnp-9250r_firmwarexnv-8080rwxnd-6080vxnv-8080rkno-2120rn_firmwareknb-2000_firmwareqnd-c8013r_firmwareqnf-8010_firmwarexnd-6080_firmwarexnd-8080rxnv-8030rxnd-l6080rvknp-2320rhaxnp-6040hxno-6080rsxnb-8002xnv-8082r_firmwarexnf-8010rv_firmwarexno-9083r_firmwareknd-5020rnxnd-6080rw_firmwarepnm-9084qzxnd-8080rwxnv-8093r_firmwarepnm-9080vqxnd-8083rvxxnv-6085xno-9083rqnf-c9010v_firmwareqnp-6320xnd-8080r_firmwarepnm-9322vqpxnd-c7083rvxnv-8080rsaxnp-8250_firmwarepnm-9084qz1_firmwarepnm-7002vdxnd-6020r_firmwarexnd-6085v_firmwareknd-2020rnxnd-c9083rv_firmwarexnv-l6080raxnp-6320qnv-c8011rxno-6083rxnv-6080rsa_firmwarexnv-6022rmxnv-9082r_firmwarepnm-9320vqp_firmwarexno-c6083r_firmwarexno-c9083rkno-2120rnpnd-a9081rv_firmwarexnv-8080rsa_firmwarexnp-c9310r_firmwarexnb-8003xnv-6011wxnp-6400xnv-c6083rxnd-6020rxnp-6321hxnv-c6083r_firmwareknd-5020rn_firmwarexnv-6022r_firmwarexnv-9083rzqnp-6250_firmwarexnd-6081rfxnd-6080r_firmwareqnp-6230_firmwarexnb-6001xno-8030rxno-l6120r_firmwarexnp-c8253r_firmwarepnm-9084rqzxnd-8083rvx_firmwarexnd-8020f_firmwarexnf-9013rvxnb-8000xnv-6081z_firmwareqno-c8013rxnd-8083rvknd-5080rnxnv-6123r_firmwarexnv-6010_firmwarexnv-6120xnb-8002_firmwarexnp-c9253xnd-l6080va_firmwarexnp-6371rhxnv-6120rxnp-c7310r_firmwarexnp-6321_firmwarexnv-6120rsxno-6080rs_firmwareqnv-c8013rxnv-6022rm_firmwarexnv-8083z_firmwarexnz-6320axnz-l6320_firmwarexnf-9013rv_firmwarexnv-c8083r_firmwarexnd-c9083rvxnv-8081z_firmwarexnd-8082rvxno-6123rxnd-8081fz_firmwarexnv-8081rexno-c6083rxnv-l6080qnv-c9083r_firmwarexnd-6081rf_firmwareqne-c9013rl_firmwarexnd-6011f_firmwarepnm-9084rqzt_firmwarepnm-9085rqzxnv-6011_firmwarexnd-c6083rvxnp-8250rqnp-6250rxnv-8080rsxnd-6085vxnv-l6080ra_firmwarexnv-6080rsxnf-8010r_firmwarexnb-6000xnd-8030r_firmwareknd-2010xnp-6250rhpnm-7002vd_firmwarexnv-6085_firmwarexnv-8081rtnv-7010rcxnv-9082rxnd-c6083rv_firmwaretnv-c8014rmxnv-6120rs_firmwarexnp-6400r_firmwarexnd-c8083rvxno-6085rxnd-6080xnv-8020rmppnd-a6081rvxnd-8030rknp-2320rha_firmwarexnv-8081re_firmwarexno-6120r_firmwarexnp-6400rwxno-6085r_firmwarexnp-c8303rw_firmwarexnv-6120r_firmwarexnp-9250_firmwarexnd-8020rw_firmwareqnf-c9010vxnf-8010rwpnm-9085rqzt_firmwarexnp-9250rxnb-6001_firmwarexnp-c8303rwqnv-c9011rxno-8082rxnd-6010xno-8083r_firmwarexnv-6080rs_firmwarexnv-8020rmn_firmwarexno-l6020r_firmwareqnv-c9011r_firmwareknb-5000n_firmwarexnv-8093rknp-2320rhxnv-6012m_firmwarexno-c9083r_firmwarepnm-9320vqpxnd-6081fz_firmwarexno-8030r_firmwareqno-c6083rxnz-l6320xno-l6120rxno-l6080r_firmwarexnv-8020rxnv-8081zxnv-6083zxnd-8081revxnp-c9303rw_firmwarexnd-9082rf_firmwarexnv-6020r_firmwarekno-2080rnxnf-9010rvm_firmwarekno-5080rn_firmwarexnb-6003tnv-c8034rm_firmwarexno-l6080raxnv-8083rzxnv-8040rqnp-6250r_firmwarexnv-6083r_firmwarexnd-6080rvxnd-l6080rva_firmwarexnb-6005xnv-6013mxnp-9300rwxno-l6080ra_firmwarexnf-9010rs_firmwarexnf-9010rvxnp-6320rh_firmwarexnv-6081xnb-6005_firmwarexnv-6012_firmwarexnp-6120h_firmwarexnd-8080rw_firmwarexnb-8003_firmwarexno-6120xno-8020rxno-9082rzxnb-6002_firmwarexnv-8081r_firmwarepnd-a6081rv_firmwareqnp-6320hxnd-l6080r_firmwareqne-c8013rl_firmwarexnd-8080rvkno-5080rnxnv-8083zxnv-6080r_firmwarexnp-c6403_firmwarexnv-l6080r_firmwareqnf-8010qnv-c8023r_firmwarexnp-c6403r_firmwarexnv-c6083_firmwarexnv-6012pnm-9322vqp_firmwarexnf-8010rvxnv-6083rz_firmwarexnd-6081rvxnb-6003_firmwareqne-c8013rlxnp-c7310rpnm-9081vq_firmwarexnv-8040r_firmwarexnd-8081fzknd-5080rn_firmwarexnf-8010rw_firmwareqnv-c8083r_firmwarexnp-8250r_firmwarexnv-6022rxnd-6081rv_firmwarexnv-8080rw_firmwarexnv-8030r_firmwarexnz-6320tnv-c8014rm_firmwarexnv-8020rmp_firmwarexnp-6550rh_firmwarexnv-l6080a_firmwarexnd-6081revxnp-c6403rw_firmwarexnd-9082rvqnd-c8023rpnm-9084rqzttnv-c7013rcxnd-8081rfxno-6083r_firmwarexnp-8300rw_firmwarexnd-6080rv_firmwarexnv-9083rxno-6080r_firmwarexnp-6250rh_firmwarexnp-6320hs_firmwarexnv-9083r_firmwarexnp-c6403rxnb-6000_firmwarexno-l6020rxnp-6040h_firmwarexnd-c8083rv_firmwarexnp-6120hpnm-9085rqztknd-2020rn_firmwarexnv-6012mtnb-6030xnd-8020rwqnp-6230xnv-8080rs_firmwarexnv-c9083r_firmwareqno-c9083rtnv-c8034rmxnb-8000_firmwarepnm-9000vqxnd-l6080rv_firmwareqno-c8013r_firmwarexnd-9082rv_firmwarexno-c7083r_firmwarepnv-a6081r_firmwarekno-5020rnxnd-9083rvxno-l6080rpnm-9000vd_firmwarexnv-8020r_firmwarexnd-8081vztnb-6030_firmwareqno-c6083r_firmwarepnm-9084qz1xno-6020rxnd-l6020rxnp-c8253_firmwarexnv-8020rmnxnv-c8083rxno-6120_firmwarexnp-c9310rxnd-6010_firmwarexno-6120rpnd-a9081rvxnv-6120_firmwarexnp-c9303rwpnm-7000vd_firmwarexnz-l6320axnv-c6083qnp-6320h_firmwarexno-6020r_firmwarexnv-c9083rxnd-6080v_firmwarepnm-9084qz_firmwarexno-8082r_firmwareknd-2080rn_firmwareknp-2120hn_firmwarexnb-9002xnp-c8253xnd-6080rxnp-6550rhxnf-8010rqno-c8083r_firmwarexno-6010rxno-8040rkno-2010rnqnf-c9010_firmwarexnv-8083r_firmwaretnv-c8011rw_firmwarexnd-8020fxnd-l6080vakno-2080rn_firmwareknp-2550rhapnm-9081vqxnv-6081_firmwarepnv-a6081rxnv-6081rqnv-c8012_firmwareqnv-c8011r_firmwarexnd-6081fxnp-9300rw_firmwareqnd-c8013rxnb-9002_firmwareQND-8080R
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24925
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.25% / 16.41%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3258
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-3.08% / 86.20%
||
7 Day CHG~0.00%
Published-27 Jan, 2017 | 22:01
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).

Action-Not Available
Vendor-MariaDB FoundationOracle CorporationRed Hat, Inc.Debian GNU/Linux
Product-debian_linuxenterprise_linux_serverenterprise_linux_workstationmariadbmysqlenterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_server_ausenterprise_linux_eusMySQL Server
CWE ID-CWE-20
Improper Input Validation
CVE-2022-47378
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.91% / 56.11%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 09:30
Updated-17 Jul, 2025 | 12:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS: Multiple products prone to Improper Input Validation

Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_for_plcnext_slcontrol_for_beaglebone_slcontrol_win_\(sl\)control_for_pfc200_slsafety_sil2_pspcontrol_for_empc-a\/imx6_slhmi_\(sl\)control_for_wago_touch_panels_600_slsafety_sil2_runtime_toolkitcontrol_rte_\(sl\)control_for_raspberry_pi_sldevelopment_system_v3control_for_linux_slcontrol_for_iot2000_slcontrol_runtime_system_toolkitcontrol_for_pfc100_slcontrol_rte_\(for_beckhoff_cx\)_slCODESYS Control Win (SL)CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for Linux SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for PFC200 SLCODESYS Control for BeagleBone SLCODESYS HMI (SL)CODESYS Control for PLCnext SLCODESYS Development System V3CODESYS Control RTE (SL)CODESYS Control for IOT2000 SLCODESYS Control Runtime System ToolkitCODESYS Safety SIL2 PSPCODESYS Control for PFC100 SLCODESYS Control for Raspberry Pi SL
CWE ID-CWE-20
Improper Input Validation
CVE-2026-41727
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 15.05%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 23:49
Updated-17 Jul, 2026 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior

Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the message was in the retry sequence. Affected versions: Spring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_for_apache_kafkaSpring for Apache Kafka
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24280
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-1.25% / 66.15%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 09:25
Updated-22 May, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Pulsar Proxy target broker address isn't validated

Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP address and port that the Pulsar Proxy can connect to. An attacker could use this as a way for DoS attacks that originate from the Pulsar Proxy's IP address. It hasn’t been detected that the Pulsar Proxy authentication can be bypassed. The attacker will have to have a valid token to a properly secured Pulsar Proxy. This issue affects Apache Pulsar Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.2; 2.9.0 to 2.9.1; 2.6.4 and earlier.

Action-Not Available
Vendor-The Apache Software Foundation
Product-pulsarApache Pulsar
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38230
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.44% / 82.47%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2022Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2016
CWE ID-CWE-20
Improper Input Validation
CVE-2024-38359
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 43.48%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 22:16
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lightning Network Daemon Onion Bomb

The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version > v0.17.0 to be protected. Users unable to upgrade may set the `--rejecthtlc` CLI flag and also disable forwarding on channels via the `UpdateChanPolicyCommand`, or disable listening on a public network interface via the `--nolisten` flag as a mitigation.

Action-Not Available
Vendor-lightningnetworklightning_network_daemon_project
Product-lndlightning_network_daemon
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15699
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-3.21% / 86.77%
||
7 Day CHG~0.00%
Published-13 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted AMQP frame which will cause it to segfault and shut down.

Action-Not Available
Vendor-The Apache Software Foundation
Product-qpid_dispatchApache Qpid Dispatch Router
CWE ID-CWE-20
Improper Input Validation
CVE-2022-40266
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.82% / 53.23%
||
7 Day CHG~0.00%
Published-24 Nov, 2022 | 08:20
Updated-25 Apr, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial-of-Service (DoS) Vulnerability in FTP Server Function on GOT2000 Series

Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 Series GT27 model FTP server versions 01.39.000 and prior, Mitsubishi Electric GOT2000 Series GT25 model FTP server versions 01.39.000 and prior and Mitsubishi Electric GOT2000 Series GT23 model FTP server versions 01.39.000 and prior allows a remote authenticated attacker to cause a Denial of Service condition by sending specially crafted command.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-got2000_gt25_firmwaregot2000_gt27_firmwaregot2000_gt25got2000_gt27got2000_gt23got2000_gt23_firmwareGOT2000 Series GT23 modelGOT2000 Series GT27 modelGOT2000 Series GT25 model
CWE ID-CWE-20
Improper Input Validation
CVE-2023-47746
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.74% / 50.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 18:42
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxlinux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-37458
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.19%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 00:00
Updated-11 May, 2026 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.

Action-Not Available
Vendor-frroutingn/a
Product-frroutingn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2026-35049
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 14.35%
||
7 Day CHG~0.00%
Published-02 Jun, 2026 | 18:35
Updated-04 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wire-ios has Persistent Remote DoS via Integer Underflow

wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter than 16 bytes, the Wire iOS client crashes. The crash is triggered automatically after message receival with no user interaction. Since the malicious message persists in the conversation, the app enters a crash loop on relaunch and cannot be reopened until the local state is wiped. This issue has been fixed with version 4.16.0 which introduces the missing length check and is available via the App Store. No known workarounds are available.

Action-Not Available
Vendor-wireapp
Product-wire-ios
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-20
Improper Input Validation
CVE-2024-27254
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.65% / 47.18%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 12:24
Updated-13 Feb, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows denial of service

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-hp-uxwindowssolarisaixlinux_on_ibm_zlinux_kerneldb2Db2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2026-33029
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.95% / 57.24%
||
7 Day CHG~0.00%
Published-30 Mar, 2026 | 17:59
Updated-02 Apr, 2026 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nginx UI: DoS via Negative Integer Input in Logrotate Interval

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service (DoS). By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface unresponsive. This issue has been patched in version 2.3.4.

Action-Not Available
Vendor-Nginx UI (0xJacky)
Product-nginx_uinginx-ui
CWE ID-CWE-20
Improper Input Validation
CVE-2024-26197
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.86% / 85.18%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 16:57
Updated-03 May, 2025 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_server_2019windows_server_2022Windows Server 2012 R2Windows Server 2019Windows Server 2016 (Server Core installation)Windows Server 2016Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-20
Improper Input Validation
CVE-2024-25046
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.65% / 47.18%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 12:17
Updated-13 Feb, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2026-29905
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.45% / 36.05%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 00:00
Updated-02 Apr, 2026 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate the return value of the PHP getimagesize() function. When the system attempts to process this file for metadata or thumbnail generation, it triggers a fatal TypeError.

Action-Not Available
Vendor-getkirbyn/a
Product-kirbyn/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-252
Unchecked Return Value
CVE-2020-15112
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.26% / 66.22%
||
7 Day CHG~0.00%
Published-05 Aug, 2020 | 20:00
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in etcd

In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.

Action-Not Available
Vendor-etcdetcd-ioFedora Project
Product-etcdfedoraetcd
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2024-22360
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.65% / 47.18%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 12:32
Updated-27 Feb, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Linux, UNIX and Windows denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-22027
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.73% / 49.96%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 06:41
Updated-05 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.

Action-Not Available
Vendor-AYS Pro Extensions
Product-quiz_makerWordPress Quiz Maker Plugin
CWE ID-CWE-20
Improper Input Validation
CVE-2026-26062
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.37% / 29.45%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 19:00
Updated-18 May, 2026 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Fleet server may terminate unexpectedly when handling certain gRPC requests

Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service (DoS) issue in the gRPC Launcher `PublishLogs` endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled Launcher host. An authenticated attacker with access to any enrolled Launcher node key could cause an immediate and complete denial of service by sending a single gRPC request to the `PublishLogs` endpoint. This vulnerability impacts availability only. There is no exposure of sensitive data, no authentication bypass, no privilege escalation, and no integrity impact. Version 4.81.0 contains a patch. If upgrading immediately is not possible, the following mitigations can reduce exposure. Restrict network access to the Fleet gRPC endpoint where feasible (for example, limiting inbound access to known host IP ranges); deploy Fleet behind infrastructure that terminates or filters gRPC traffic if Launcher log ingestion is not required; and/or monitor for repeated Fleet process crashes or unexpected restarts indicating potential exploitation.

Action-Not Available
Vendor-fleetdmfleetdm
Product-fleetfleet
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23014
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.82% / 53.15%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 19:11
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP APM portal access is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_access_policy_managerBIG-IP APM
CWE ID-CWE-20
Improper Input Validation
CVE-2026-21864
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.16%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 00:24
Updated-26 Feb, 2026 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote DoS from malformed RESTORE command

Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter (Module) data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted `RESTORE` command can cause Valkey to hit an assertion, causes the server to shutdown. Valkey modules are required to handle errors in RDB parsing by using `VALKEYMODULE_OPTIONS_HANDLE_IO_ERRORS` flag. If this flag is not set, errors encountered during parsing result in a system assertion which shuts down the system. Even though the Valkey-bloom module correctly handled the parsing, it did not originally set the flag. Commit a68614b6e3845777d383b3a513cedcc08b3b7ccd contains a patch. One may mitigate this defect by disabling the `RESTORE` command if it is unused by one's application.

Action-Not Available
Vendor-lfprojectsvalkey-io
Product-valkey-bloomvalkey-bloom
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28856
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.96% / 57.70%
||
7 Day CHG~0.00%
Published-18 Apr, 2023 | 20:50
Updated-13 Feb, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
`HINCRBYFLOAT` can be used to crash a redis-server process

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectRedis Inc.
Product-redisdebian_linuxfedoraredis
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-617
Reachable Assertion
CVE-2026-20240
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.1||HIGH
EPSS-0.40% / 31.95%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 16:32
Updated-21 May, 2026 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service through coldToFrozen.sh Script in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129, a low-privileged user that does not hold the ‘admin’ or ‘power’ Splunk roles could cause a Denial of Service by exploiting the `coldToFrozen.sh` script in the `splunk_archiver` app to rename critical Splunk directories, making the instance non-functional.<br><br>The Denial of Service is possible because of missing input validation in the `coldToFrozen.sh` script, which accepts arbitrary file paths and renames them without restricting operations to safe directories.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunk_cloud_platformsplunkSplunk EnterpriseSplunk Cloud Platform
CWE ID-CWE-20
Improper Input Validation
CVE-2026-1577
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 25.69%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 21:49
Updated-10 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.

Action-Not Available
Vendor-IBM Corporation
Product-db2Db2
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-20
Improper Input Validation
CVE-2026-13699
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 14.73%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 07:38
Updated-14 Jul, 2026 | 20:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Databroker 0.6.1 PublishValue missing data_point panic

In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional data_point field in PublishValueRequest. When a request contains a valid signal_id but omits data_point, the server directly calls unwrap() on request.data_point, triggering a panic in the Tokio worker thread. This issue can be triggered by any client holding a valid JWT token. Unauthenticated or invalid-token requests are rejected and do not reach the vulnerable path. The panic causes the individual gRPC call to be cancelled but does not terminate the Databroker process, which remains available for subsequent requests.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-kuksaEclipse KUKSA - Databroker
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23549
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.57% / 43.61%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 00:00
Updated-10 Mar, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse vulnerable to bypass of post max_length using HTML comments

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-20
Improper Input Validation
CVE-2019-19337
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.32% / 67.64%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 16:18
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph RADOS Gateway daemon handles S3 requests. An authenticated attacker can abuse this flaw by causing a remote denial of service by sending a specially crafted HTTP Content-Length header to the Ceph RADOS Gateway server.

Action-Not Available
Vendor-Red Hat, Inc.
Product-ceph_storageCeph Storage
CWE ID-CWE-20
Improper Input Validation
CVE-2023-50709
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.72% / 49.85%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 22:00
Updated-08 Oct, 2024 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service attack on the cube-api endpoint

Cube is a semantic layer for building data applications. Prior to version 0.34.34, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. The issue has been patched in `v0.34.34` and it's recommended that all users exposing Cube APIs to the public internet upgrade to the latest version to prevent service disruption. There are currently no workaround for older versions, and the recommendation is to upgrade.

Action-Not Available
Vendor-cubecube-js
Product-cube.jscube
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1721
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.7||HIGH
EPSS-2.07% / 79.27%
||
7 Day CHG~0.00%
Published-18 Apr, 2019 | 00:20
Updated-21 Nov, 2024 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition. Manual intervention may be required to recover the device. This vulnerability is fixed in Cisco Expressway Series and Cisco TelePresence Video Communication Server Releases X12.5.1 and later.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-telepresence_video_communication_serverCisco TelePresence Video Communication Server (VCS)
CWE ID-CWE-20
Improper Input Validation
CVE-2026-0051
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 16.74%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 21:14
Updated-02 Jun, 2026 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-20
Improper Input Validation
CVE-2023-48226
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 51.79%
||
7 Day CHG~0.00%
Published-21 Nov, 2023 | 19:37
Updated-02 Aug, 2024 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenReplay HTML Injection vulnerability

OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings (for registration looks like validation is correct), a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for example. Email is really send from OpenReplay, but bad actors can add there HTML code injected (content spoofing). Please notice that during Registration steps for FullName looks like is validated correct - can not type there, but using this kind of bypass/workaround - bad actors can achieve own goal. As of time of publication, no known fixes or workarounds are available.

Action-Not Available
Vendor-openreplayopenreplay
Product-openreplayopenreplay
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2023-47701
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.10% / 62.09%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 00:19
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.

Action-Not Available
Vendor-opengroupLinux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-windowsunixdb2linux_kernelDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-47161
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.81% / 52.77%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 23:52
Updated-02 Aug, 2024 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM UrbanCode Deploy denial of service

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. IBM X-Force ID: 270799.

Action-Not Available
Vendor-IBM Corporation
Product-urbancode_deployUrbanCode Deploy
CWE ID-CWE-20
Improper Input Validation
CVE-2023-47141
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.74% / 50.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 20:07
Updated-13 Feb, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationIBM Corporation
Product-linux_kerneldb2linux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-47158
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.74% / 50.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 20:05
Updated-30 May, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationHP Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-solarislinux_kerneldb2hp-uxlinux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-47747
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.74% / 50.41%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 19:57
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 denial of service

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxlinux_on_ibm_zwindowsaixDb2 for Linux, UNIX and Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-46159
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-2.6||LOW
EPSS-0.70% / 48.97%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 02:28
Updated-22 Aug, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Storage Ceph denial of service

IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1 could allow an authenticated user on the network to cause a denial of service from RGW. IBM X-Force ID: 268906.

Action-Not Available
Vendor-IBM Corporation
Product-storage_cephStorage Ceph
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0271
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.5||MEDIUM
EPSS-1.44% / 70.13%
||
7 Day CHG~0.00%
Published-12 Mar, 2019 | 22:00
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.

Action-Not Available
Vendor-SAP SE
Product-sap_kerneladvanced_business_application_programming_serveradvanced_business_application_programming_platformABAP ServerABAP Server & Platform
CWE ID-CWE-20
Improper Input Validation
CVE-2022-41813
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.60% / 44.52%
||
7 Day CHG~0.00%
Published-19 Oct, 2022 | 21:23
Updated-08 May, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP PEM and AFM TMUI, TMSH and iControl vulnerability CVE-2022-41813

In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_policy_enforcement_managerbig-ip_advanced_firewall_managerBIG-IP AFM & PEM
CWE ID-CWE-20
Improper Input Validation
CVE-2023-37556
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.65%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 11:05
Updated-09 Oct, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Improper Input Validation in CmpAppBP

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37555.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_for_pfc100_slcontrol_runtime_system_toolkithmicontrol_for_beaglebone_slsafety_sil2control_for_linux_slcontrol_for_pfc200_slcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Development System V3CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)
CWE ID-CWE-20
Improper Input Validation
CVE-2023-37555
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.65%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 11:05
Updated-09 Oct, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Improper Input Validation in CmpAppBP

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37556.

Action-Not Available
Vendor-CODESYS GmbH
Product-control_rte_sl_\(for_beckhoff_cx\)development_systemcontrol_for_pfc100_slcontrol_runtime_system_toolkithmicontrol_for_beaglebone_slsafety_sil2control_for_linux_slcontrol_for_pfc200_slcontrol_for_iot2000_slcontrol_for_wago_touch_panels_600_slcontrol_for_raspberry_pi_slcontrol_rte_slcontrol_for_empc-a\/imx6_slcontrol_for_plcnext_slcontrol_win_slCODESYS Control for WAGO Touch Panels 600 SLCODESYS Control for Raspberry Pi SLCODESYS Control for PFC100 SLCODESYS Control Runtime System ToolkitCODESYS Control for BeagleBone SLCODESYS Control for Linux SLCODESYS Control for PLCnext SLCODESYS Control RTE (SL)CODESYS HMI (SL)CODESYS Control for PFC200 SLCODESYS Development System V3CODESYS Safety SIL2 Runtime ToolkitCODESYS Control RTE (for Beckhoff CX) SLCODESYS Control for IOT2000 SLCODESYS Control for emPC-A/iMX6 SLCODESYS Control Win (SL)
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found