25 matches found
PT-2026-44131
Summary: The CrowdSec AppSec component fails to read the HTTP request body for any request whose Content-Length is not positive — most notably HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests sent without a content-length header. Coraza is then evaluated against an empty body...
SUSE CVE-2026-27623
Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking...
CVE-2026-27623
A flaw was found in Valkey. A malicious actor with network access to Valkey can cause the system to shut down by sending a specially crafted request. This occurs because the system does not properly reset its networking state after processing an empty request, leading to an assertion failure. Thi...
ALPINE-CVE-2026-27623
Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking...
CVE-2026-27623
Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an assertion. When processing incoming requests, the Valkey system does not properly reset the networking...
PT-2026-21548
Name of the Vulnerable Software and Affected Versions: Valkey versions 9.0.0 through 9.0.2 Description: Valkey, a distributed key-value database, is susceptible to a denial of service condition. A remote attacker with network access can cause the system to terminate by triggering an assertion. This...
EUVD-2025-25431
Malicious code in bioql PyPI...
CVE-2025-47700
Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to empty request bodies not being properly rejected. An attacker can cause users to perform unintended actions by tricking them into clicking malicious links through post actions. Remediation: Upgrade...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to empty request bodies not being properly rejected. An attacker can cause users to perform unintended actions by tricking them into clicking malicious links through post actions. Remediation: Upgrade...
GHSA-VQWH-5JHH-VC9P Mattermost Server SSRF Vulnerability via the Agents Plugin
Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions...
Mattermost Server SSRF Vulnerability via the Agents Plugin
Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions...
CVE-2025-47700
Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions...
CVE-2025-47700
Mattermost Server versions 10.5.x
CVE-2025-47700 AI plugin APIs can be triggered using post actions
Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions...
Mattermost Server security vulnerability
Mattermost Server is a suite of open source messaging platforms from US-based Mattermost. A security vulnerability exists in Mattermost Server version 10.5.9 and prior versions, which stems from the Agents plugin not rejecting empty request bodies, which could cause users to click on malicious...
Mattermost resource management error vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial-of-service vulnerability that stems from an inability to handle empty request bodies in an add endpoint, which could be exploited by an attacker to send a request with ...
SUSE CVE-2007-6286
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to...
SUSE CVE-2010-0408
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request,...
PT-2021-18162 · D Link · D-Link Dsp-W215
Name of the Vulnerable Software and Affected Versions: D-Link DSP-W215 version 1.10 Description: A Null Pointer Dereference issue exists, which could allow a remote malicious user to cause a denial of service via usr/bin/lighttpd. This can be triggered by sending an HTTP request without a URL in...