Total
2714 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-22228 | | | 2026-02-03 | N/A | N/A |
| An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. | |||||
| CVE-2025-65886 | 1 Oneflow | 1 Oneflow | 2026-02-03 | N/A | 7.5 HIGH |
| A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes. | |||||
| CVE-2025-65888 | 1 Oneflow | 1 Oneflow | 2026-02-03 | N/A | 7.5 HIGH |
| A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value. | |||||
| CVE-2025-65889 | 1 Oneflow | 1 Oneflow | 2026-02-03 | N/A | 7.5 HIGH |
| A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-65890 | 1 Oneflow | 1 Oneflow | 2026-02-03 | N/A | 7.5 HIGH |
| A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index. | |||||
| CVE-2025-65891 | 1 Oneflow | 1 Oneflow | 2026-02-03 | N/A | 7.5 HIGH |
| A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Service (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index. | |||||
| CVE-2025-70999 | 1 Oneflow | 1 Oneflow | 2026-02-03 | N/A | 7.5 HIGH |
| A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID. | |||||
| CVE-2025-71000 | 1 Oneflow | 1 Oneflow | 2026-02-03 | N/A | 7.5 HIGH |
| An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-30160 | 1 Redlib | 1 Redlib | 2026-02-03 | N/A | 7.5 HIGH |
| Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability is fixed in 0.36.0. | |||||
| CVE-2025-6208 | | | 2026-02-03 | N/A | 5.3 MEDIUM |
| The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-specified file limit (`num_files_limit`) is applied after all files in a directory are loaded into memory. This can lead to memory exhaustion and degraded performance, particularly in environments with limited resources. The issue is resolved in version 0.12.41. | |||||
| CVE-2026-0599 | | | 2026-02-03 | N/A | 7.5 HIGH |
| A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown image links and performs a blocking HTTP GET request, reading the entire response body into memory and cloning it before decoding. This behavior can lead to resource exhaustion, including network bandwidth saturation, memory inflation, and CPU overutilization. The vulnerability is triggered even if the request is later rejected for exceeding token limits. The default deployment configuration, which lacks memory usage limits and authentication, exacerbates the impact, potentially crashing the host machine. The issue is resolved in version 3.3.7. | |||||
| CVE-2025-7105 | | | 2026-02-03 | N/A | 5.7 MEDIUM |
| A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in `/api/convos/fork` to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of memory error upon service restart, causing a denial of service. This issue affects the latest version of the product. | |||||
| CVE-2025-69198 | 1 Pterodactyl | 1 Panel | 2026-02-02 | N/A | 6.5 MEDIUM |
| Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource limits are applied on a per-server basis, and validated during the request cycle. However, in versions prior to 1.12.0, it is possible for a malicious user to send a massive volume of requests at the same time that would create more resources than the server is allotted. This is because the validation occurs early in the request cycle and does not lock the target resource while it is processing. As a result sending a large volume of requests at the same time would lead all of those requests to validate as not using any of the target resources, and then all creating the resources at the same time. As a result a server would be able to create more databases, allocations, or backups than configured. A malicious user is able to deny resources to other users on the system, and may be able to excessively consume the limited allocations for a node, or fill up backup space faster than is allowed by the system. Version 1.12.0 fixes the issue. | |||||
| CVE-2025-69199 | 1 Pterodactyl | 1 Wings | 2026-02-02 | N/A | 6.5 MEDIUM |
| Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within Wings lack proper rate limiting and throttling. As a result, a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and CPU. Additionally, there is not a limit applied to the total size of messages being sent or received, allowing a malicious user to open thousands of websocket connections and then send massive volumes of information over the socket, overloading the host network, and causing increased CPU and memory load within Wings. Version 1.12.0 patches the issue. | |||||
| CVE-2026-21696 | 1 Pterodactyl | 1 Wings | 2026-02-02 | N/A | 6.5 MEDIUM |
| Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider the SQLite max parameter limit when processing activity log entries, allowing a low-privileged user to trigger a condition that floods the panel with activity records. After Wings sends activity logs to the panel, it deletes the processed activity entries from the Wings SQLite database. However, it does not consider the max parameter limit of SQLite, 32766 as of SQLite 3.32.0. If Wings attempts to delete more than 32766 entries from the SQLite database in one query, it triggers an error (SQL logic error: too many SQL variables (1)) and does not remove any entries from the database. These entries are then indefinitely re-processed and resent to the panel each time the cron runs. By successfully exploiting this vulnerability, an attacker can trigger a situation where Wings will keep uploading the same activity data to the panel repeatedly (growing each time to include new activity) until the panel's database server runs out of disk space. Version 1.12.0 fixes the issue. | |||||
| CVE-2025-9278 | 1 Rockwellautomation | 2 Armorstart Lt, Armorstart Lt Firmware | 2026-02-02 | N/A | 7.5 HIGH |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. After running a Burp Suite active scan, the device loses ICMP connectivity, causing the web application to become inaccessible. | |||||
| CVE-2025-9279 | 1 Rockwellautomation | 2 Armorstart Lt, Armorstart Lt Firmware | 2026-02-02 | N/A | 7.5 HIGH |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limit Storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds. | |||||
| CVE-2025-9281 | 1 Rockwellautomation | 2 Armorstart Lt, Armorstart Lt Firmware | 2026-02-02 | N/A | 7.5 HIGH |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive step limit storm tests, the device reboots | |||||
| CVE-2025-9280 | 1 Rockwellautomation | 2 Armorstart Lt, Armorstart Lt Firmware | 2026-02-02 | N/A | 7.5 HIGH |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. Fuzzing performed using Defensics causes the device to become unresponsive, requiring a reboot. | |||||
| CVE-2025-9282 | 1 Rockwellautomation | 2 Armorstart Lt, Armorstart Lt Firmware | 2026-02-02 | N/A | 7.5 HIGH |
| A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive limited storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds. | |||||
