12 matches found

RedhatCVE
added 3 days ago, 7 views

CVE-2026-5308

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints, which allows an attacker to cause a denial of service via crafted oversized HTTP requests. Mattermost Advisory ID: MMSA-2026-00646...

CVSS 7.5, AI score 5.5, EPSS 0.00051
Exploits: 0, References: 1
CVE
added 2026/05/22 10:20 a.m., 12 views

CVE-2026-5308

CVE-2026-5308 affects Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, and 10.11.x

CVSS 7.5, AI score 5.8, EPSS 0.00051
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/05/22 10:20 a.m., 7 views

CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints, which allows an attacker to cause a denial of service via crafted oversized HTTP requests. Mattermost Advisory ID: MMSA-2026-00646...

CVSS 4.9, AI score 5.8, EPSS 0.00051
Exploits: 0, References: 1
Positive Technologies
added 2026/05/06 12:0 a.m., 5 views

PT-2026-38278

Name of the Vulnerable Software and Affected Versions: python-multipart versions prior to 0.0.27. Description: A denial of service issue exists in the multipart part header parsing of the MultipartParser when processing multipart/form-data. The parser lacked limits on the number of part headers and...

CVSS 7.5, AI score 5.8, EPSS 0.00067
Exploits: 0, References: 8
Cvelist
added 2026/04/02 10:30 a.m., 26 views

CVE-2026-32145 Multipart form body parser bypasses body size limits in wisp

Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denial of service via multipart form body parsing. The multipart_body function bypasses configured max_body_size and max_files_size limits. When a multipart boundary is not present in a chunk, the parser tak...

CVSS 8.7, EPSS 0.00034
Exploits: 0, References: 4
CVE
added 2026/04/02 10:30 a.m., 8 views

CVE-2026-32145

CVE-2026-32145 affects gleam-wisp wisp. The multipart_body and multipart_headers code paths can bypass configured max_body_size and max_files_size, allowing an unauthenticated attacker to exhaust server memory or disk by sending arbitrarily large multipart form submissions in a single HTTP reques...

CVSS 8.7, AI score 5.9, EPSS 0.00034
Exploits: 0, References: 4, Affected Software: 1
GithubExploit
added 2025/12/12 2:58 p.m., 129 views

Exploit for Deserialization of Untrusted Data in Facebook React

rsc-exposure-audit Black-box exposure audit for Next.js / Reac...

CVSS 10, AI score 7, EPSS 0.83197
Exploits: 373
OSV
added 2025/09/02 12:15 p.m., 2 views

CVE-2024-58259

A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public unauthenticated and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory...

CVSS 8.2, AI score 5.7, EPSS 0.00038
Exploits: 0, References: 2
NVD
added 2025/09/02 12:15 p.m., 1 views

CVE-2024-58259

A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public unauthenticated and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory...

CVSS 8.2, EPSS 0.00038
Exploits: 0, References: 2
Positive Technologies
added 2024/03/06 12:0 a.m., 4 views

PT-2024-22266

Name of the Vulnerable Software and Affected Versions: Apollo Router versions 0.9.5 through 1.40.2. Description: The Apollo Router is subject to a Denial-of-Service (DoS) type issue. When receiving compressed HTTP payloads, affected versions of the Router evaluate the limits.http_max_request_bytes...

CVSS 7.5, AI score 6.6, EPSS 0.00293
Exploits: 0, References: 9
Microsoft CVE
added 2024/02/26 8:0 a.m., 2 views

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion bypassing standard safeguards like timeouts and body size limits.

...

CVSS 7.5, AI score 7, EPSS 0.0038
Exploits: 0
SUSE CVE
added 2024/02/17 3:21 a.m., 2 views

SUSE CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

CVSS 7.5, AI score 8, EPSS 0.0038
Exploits: 0, References: 11