Lucene search
K

656 matches found

EUVD
EUVD
added 2026/03/17 4:16 p.m.3 views

EUVD-2026-12692

Next.js: Unbounded postponed resume buffering can lead to DoS...

6.9CVSS5.8AI score0.00483EPSS
Exploits0References3
OSV
OSV
added 2026/03/17 4:16 p.m.2 views

GHSA-H27X-G6W4-24GQ Next.js: Unbounded postponed resume buffering can lead to DoS

Summary A request containing the next-resume: 1 header corresponding with a PPR resume request would buffer request bodies without consistently enforcing maxPostponedStateSize in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments...

6.9CVSS6AI score0.00483EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/17 4:16 p.m.11 views

Next.js: Unbounded postponed resume buffering can lead to DoS

Summary A request containing the next-resume: 1 header corresponding with a PPR resume request would buffer request bodies without consistently enforcing maxPostponedStateSize in certain setups. The previous mitigation protected minimal-mode deployments, but equivalent non-minimal deployments...

7.5CVSS5.9AI score0.00483EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/13 8:37 p.m.10 views

Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS

Impact This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An...

5.9CVSS5.7AI score0.00566EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 8:13 p.m.6 views

CVE-2026-2581 undici is vulnerable to Unbounded Memory Consumption in in Undici's DeduplicationHandler via Response Buffering leads to DoS

This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

5.9CVSS5.7AI score0.00566EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/12 8:13 p.m.29 views

CVE-2026-2581 undici is vulnerable to Unbounded Memory Consumption in in Undici's DeduplicationHandler via Response Buffering leads to DoS

This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

5.9CVSS0.00566EPSS
Exploits0References3
CVE
CVE
added 2026/03/12 8:13 p.m.38 views

CVE-2026-2581

Undici (deduplication interceptor) is affected by CVE-2026-2581: when interceptors.deduplicate() is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers, especially with large or chunked responses and concurrent identical requests, causing high m...

5.9CVSS5.7AI score0.00566EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.4 views

CVE-2026-28478

OpenClaw versions prior to 2026.2.13 contain a denial of service vulnerability in webhook handlers that buffer request bodies without strict byte or time limits. Remote unauthenticated attackers can send oversized JSON payloads or slow uploads to webhook endpoints causing memory pressure and...

8.7CVSS6AI score0.00436EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.27 views

CVE-2026-28478 OpenClaw < 2026.2.13 - Denial of Service via Unbounded Webhook Request Body Buffering

OpenClaw versions prior to 2026.2.13 contain a denial of service vulnerability in webhook handlers that buffer request bodies without strict byte or time limits. Remote unauthenticated attackers can send oversized JSON payloads or slow uploads to webhook endpoints causing memory pressure and...

8.7CVSS0.00436EPSS
Exploits0References3
CVE
CVE
added 2026/03/05 9:59 p.m.12 views

CVE-2026-28478

OpenClaw exposes a Denial of Service vulnerability in webhook handlers prior to version 2026.2.13, caused by buffering request bodies without strict byte or time limits. Remote, unauthenticated attackers can send oversized JSON payloads or slow uploads, triggering memory pressure and availability...

8.7CVSS6AI score0.00436EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/05 9:59 p.m.2 views

CVE-2026-28478 OpenClaw < 2026.2.13 - Denial of Service via Unbounded Webhook Request Body Buffering

OpenClaw versions prior to 2026.2.13 contain a denial of service vulnerability in webhook handlers that buffer request bodies without strict byte or time limits. Remote unauthenticated attackers can send oversized JSON payloads or slow uploads to webhook endpoints causing memory pressure and...

8.7CVSS6AI score0.00436EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/03/05 2:44 p.m.6 views

cpython: Excessive read buffering DoS in http.client

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

7.5CVSS5.7AI score0.01525EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/03/05 2:43 p.m.6 views

Moderate: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.5CVSS7.4AI score0.01525EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.6 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffer filter, where the next BIO performs short writes, can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption, typically resulting in a crash, leading to a...

4.7CVSS7.3AI score0.00152EPSS
Exploits1References3
OSV
OSV
added 2026/02/28 12:46 p.m.7 views

OESA-2026-1466 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes c...

4.7CVSS6AI score0.00152EPSS
Exploits1References2
NVD
NVD
added 2026/02/26 2:16 a.m.24 views

CVE-2026-27887

Spin is an open source developer tool for building and running serverless applications powered by WebAssembly. When Spin is configured to allow connections to a database or web server which could return responses of unbounded size e.g. tables with many rows or large content bodies, Spin may in so...

6.9CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 12:55 a.m.22 views

CVE-2026-27887 Spin has memory leaks in various WIT interfaces

Spin is an open source developer tool for building and running serverless applications powered by WebAssembly. When Spin is configured to allow connections to a database or web server which could return responses of unbounded size e.g. tables with many rows or large content bodies, Spin may in so...

6.9CVSS0.00226EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.10 views

Spin 安全漏洞

Spin is an open-source framework developed by spinframework, designed for quickly, securely, and efficiently building and running composable cloud microservices that use WebAssembly. Versions of Spin prior to 3.6.1 contained a security vulnerability caused by improper response buffering, which...

6.9CVSS5.8AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.7 views

PT-2026-22073

Spin is an open source developer tool for building and running serverless applications powered by WebAssembly. When Spin is configured to allow connections to a database or web server which could return responses of unbounded size e.g. tables with many rows or large content bodies, Spin may in so...

6.9CVSS5.6AI score0.00226EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/02/19 12:25 a.m.9 views

SUSE CVE-2026-25087

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...

7CVSS5.8AI score0.00807EPSS
Exploits0References3
Rows per page
Query Builder