593 matches found
SUSE CVE-2026-1525
Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications using...
PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory Exhaustion DoS
Summary The WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token configured, any local process can send arbitrarily large...
nodejs:24 security update
An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
CVE-2026-40115
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...
USN-8154-2 python-django vulnerabilities
USN-8154-1 fixed vulnerabilities in Django. This update provides the corresponding updates for CVE-2026-33033 and CVE-2026-4292 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS, and CVE-2026-4277 in Ubuntu 16.04 LTS. Original advisory details: Seokchan Yoon discovered that Django incorrectly handled...
EUVD-2026-20917
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
DEBIAN-CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
UBUNTU-CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
CVE-2026-5440 Memory Exhaustion via Unbounded Content-Length
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
CVE-2026-5440
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
CVE-2026-5440 Memory Exhaustion via Unbounded Content-Length
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...
CVE-2026-5440
CVE-2026-5440 describes a memory exhaustion vulnerability in an HTTP server caused by unbounded handling of the Content-Length header. The server allocates memory directly based on the attacker-supplied Content-Length value, without an upper limit, so a crafted request with a very large Content-L...
Orthanc 安全漏洞
Orthanc is a free open-source software developed by the Orthanc company. Orthanc has a security vulnerability, which stems from the HTTP server’s unlimited use of the Content-Length header, leading to a memory exhaustion issue. This vulnerability may cause excessive memory allocation and...
Linux Distros Unpatched Vulnerability : CVE-2026-5440
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the...
Allocation of Resources Without Limits or Throttling
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ASGI requests with a missing or understated Content-Length header whe...
PYSEC-2026-49
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30.ASGI requests with a missing or understated Content-Length header couldbypass the DATAUPLOADMAXMEMORYSIZE limit when readingHttpRequest.body, allowing remote attackers to load an unbounded request body...
PYSEC-2026-49
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...
CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...