Lucene search
K

593 matches found

SUSE CVE
SUSE CVE
added 2026/04/11 9:27 a.m.6 views

SUSE CVE-2026-1525

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications using...

9.8CVSS7.1AI score0.00493EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/10 7:23 p.m.10 views

PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory Exhaustion DoS

Summary The WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token configured, any local process can send arbitrarily large...

7.5CVSS5.8AI score0.00334EPSS
Exploits1References4Affected Software1
Rockylinux
Rockylinux
added 2026/04/10 12:4 a.m.5 views

nodejs:24 security update

An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS6.6AI score0.26356EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:19 p.m.3 views

CVE-2026-40115

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

6.2CVSS6AI score0.00334EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/09 5:30 p.m.4 views

USN-8154-2 python-django vulnerabilities

USN-8154-1 fixed vulnerabilities in Django. This update provides the corresponding updates for CVE-2026-33033 and CVE-2026-4292 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS, and CVE-2026-4277 in Ubuntu 16.04 LTS. Original advisory details: Seokchan Yoon discovered that Django incorrectly handled...

9.8CVSS5.8AI score0.00879EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/09 3:35 p.m.9 views

EUVD-2026-20917

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

5.9AI score0.00566EPSS
Exploits0References4
NVD
NVD
added 2026/04/09 3:16 p.m.7 views

CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

7.5CVSS0.00566EPSS
Exploits0References3
OSV
OSV
added 2026/04/09 3:16 p.m.2 views

DEBIAN-CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

7.5CVSS5.4AI score0.00566EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/09 3:16 p.m.3 views

CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

7.5CVSS5.8AI score0.00566EPSS
Exploits0References4
OSV
OSV
added 2026/04/09 3:16 p.m.6 views

UBUNTU-CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

7.5CVSS5.8AI score0.00566EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/09 2:43 p.m.2 views

CVE-2026-5440 Memory Exhaustion via Unbounded Content-Length

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

5.8AI score0.00566EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 2:43 p.m.3 views

CVE-2026-5440

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

5.9AI score0.00566EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/09 2:43 p.m.18 views

CVE-2026-5440 Memory Exhaustion via Unbounded Content-Length

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

0.00566EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 2:43 p.m.20 views

CVE-2026-5440

CVE-2026-5440 describes a memory exhaustion vulnerability in an HTTP server caused by unbounded handling of the Content-Length header. The server allocates memory directly based on the attacker-supplied Content-Length value, without an upper limit, so a crafted request with a very large Content-L...

7.5CVSS5.9AI score0.00566EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

Orthanc 安全漏洞

Orthanc is a free open-source software developed by the Orthanc company. Orthanc has a security vulnerability, which stems from the HTTP server’s unlimited use of the Content-Length header, leading to a memory exhaustion issue. This vulnerability may cause excessive memory allocation and...

7.5CVSS5.8AI score0.00566EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-5440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the...

7.5CVSS5.9AI score0.00566EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/07 4:15 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ASGI requests with a missing or understated Content-Length header whe...

7.5CVSS5.9AI score0.00769EPSS
Exploits0References2
PyPA
PyPA
added 2026/04/07 3:17 p.m.11 views

PYSEC-2026-49

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.ASGI requests with a missing or understated Content-Length header couldbypass the DATAUPLOADMAXMEMORYSIZE limit when readingHttpRequest.body, allowing remote attackers to load an unbounded request body...

7.5CVSS5.8AI score0.00769EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/07 3:17 p.m.11 views

PYSEC-2026-49

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS5.8AI score0.00769EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/07 2:22 p.m.1 views

CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

5.9AI score0.00769EPSS
Exploits0References3
Rows per page
Query Builder