CVE-2026-53002

A flaw was found in the Linux kernel's netfilter conntrack module. This vulnerability arises from the use of sprintf and insufficient buffer sizing in the manglecontentlen function, which can lead to a stack-out-of-bounds write. An attacker could potentially exploit this memory corruption issue t...

CVE-2026-46551

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to downloa...

CVE-2026-46553

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NCATTACHMENTFIELDSIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...

CVE-2026-46553 NocoDB: Attachment Size Limit Bypass via Upload-by-URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NCATTACHMENTFIELDSIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...

CVE-2026-46551 NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, the uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to downloa...

JLSEC-2026-618 HTTP/1 request smuggling via bare-LF, lenient chunk size, and TE/CL handling in HTTP.jl server

Description The HTTP/1 server request parser had three framing primitives that could make HTTP.jl disagree with a fronting proxy about message boundaries on a reused keep-alive connection. 1 readlinecrlf tolerated a bare LF on its buffered fast path but required CRLF on the slow path, so the...

Linux Distros Unpatched Vulnerability : CVE-2026-53540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parseform did not validate the Content-Length header before using it to bound its...

CVE-2026-54288

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

DEBIAN-CVE-2026-53540

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parseform did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...

CVE-2026-53540

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parseform did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...

CVE-2026-54288 Hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

CVE-2026-54288

The CVE-2026-54288 issue affects the Hono Web framework prior to version 4.12.25, where the Body Limit Middleware trusts the request Content-Length header. On AWS Lambda environments (API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge), the body is fully buffered and the adapter builds the requ...

CVE-2026-53540 Python-Multipart: Negative Content-Length in parse_form buffers the entire body in memory

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parseform did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...

CVE-2026-53540

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parseform did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...

CVE-2026-53540

Python-Multipart vulnerability CVE-2026-53540 affects the parse_form function in versions prior to 0.0.31. A negative Content-Length could cause a bounded read to become unbounded, loading the entire request body into memory and potentially exhausting memory. The issue is fixed in 0.0.31; remedia...

Linux Distros Unpatched Vulnerability : CVE-2026-54388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content- Length headers with differing values, forwarding all...

Astra Linux – Vulnerability in libproxy

In libproxy, the url.cpp module in version 0.4.15 is vulnerable to a buffer overflow when PAC is enabled. This vulnerability was confirmed by using a large PAC file that was sent without a Content-length header...

Astra Linux – Vulnerability in Netty

The HttpObjectDecoder.java file in Netty before version 4.1.44 allowed a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...

Astra Linux – Vulnerability in Waitress

Waitress version 1.3.1 allows for the smuggling of requests by sending the Content-Length header twice. Waitress would fold the two Content-Length headers together, and since it cannot convert the now comma-separated values into integers, it internally sets the Content-Length to 0. If two...

Astra Linux – Vulnerability in HAPProxy

HAProxy versions 2.0.32, 2.1.x, and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 send empty Content-Length headers, violating section 8.6 of RFC 9110. In rare cases, an HTTP/1 server behind HAPProxy may interpret...