11144 matches found

Cvelist, added 2025/12/03 6:40 p.m., 18 views

CVE-2024-3884 Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

CVSS 7.5, EPSS 0.00126
Exploits 0, References 14
CVE, added 2025/12/03 6:40 p.m., 31 views

CVE-2024-3884

CVE-2024-3884 concerns Undertow. A flaw in FormEncodedDataDefinition.doParse(StreamSourceChannel) can trigger OutOfMemory when parsing large application/x-www-form-urlencoded form data, enabling remote denial-of-service. Documents show the issue is tracked in CVE-2024-3884 and is referenced in Re...

CVSS 7.5, AI score 6, EPSS 0.00126
Exploits 0, References 14
Vulnrichment, added 2025/12/03 6:40 p.m., 2 views

CVE-2024-3884 Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

CVSS 7.5, AI score 6, EPSS 0.00126
Exploits 0, References 14
RedhatCVE, added 2025/12/03 6:39 p.m., 3 views

CVE-2024-3884

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

CVSS 7.5, AI score 6.3, EPSS 0.00126
Exploits 0, References 3
Positive Technologies, added 2025/12/03 12:00 a.m., 2 views

PT-2025-48972

Name of the Vulnerable Software and Affected Versions: Undertow (affected versions not specified). Description: A flaw exists in Undertow that may lead to remote denial of service attacks. Specifically, when the server utilizes the FormEncodedDataDefinition.doParse(StreamSourceChannel) method to process...

CVSS 7.5, AI score 6.3, EPSS 0.00381
Exploits 0, References 45
Akamai Blog, added 2025/12/02 10:00 a.m., 7 views

CVE-2025-66373: HTTP Request Smuggling Due to Invalid Chunked Body Size

...

CVSS 4.8, AI score 7, EPSS 0.00034
Exploits 0
Github Security Blog, added 2025/12/02 9:30 a.m., 7 views

Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes

In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0, UTF-8 encoded strings passed into the library may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server; for example, part of an MQTT topic may leak into...

CVSS 6.3, AI score 6.8, EPSS 0.00042
Exploits 0, References 6, Affected Software 1
GithubExploit, added 2025/12/01 12:54 a.m., 216 views

Exploit for OS Command Injection in Xstream

CVE-2020-26217 XStream RCE Exploit XStream remote code execut...

CVSS 9.3, AI score 7.4, EPSS 0.93171
Exploits 7
EUVD, added 2025/12/01 12:00 a.m., 2 views

EUVD-2025-199999

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in the response. An attacker can inject malicious JavaScript payloads into the msg parameter,...

CVSS 8.5, AI score 5.4, EPSS 0.00027
Exploits 1, References 4
Packet Storm News, added 2025/11/29 12:00 a.m., 3 views

RECTor: Robust and Efficient Correlation Attack on Tor

Tor is a widely used anonymity network that conceals user identities by routing traffic through encrypted relays, yet it remains vulnerable to traffic correlation attacks that deanonymize users by matching patterns in ingress and egress traffic. However, existing correlation methods suffer from t...

AI score 6.8
Exploits 0
IBM Security Bulletins, added 2025/11/28 5:52 a.m., 5 views

Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to xmldom (CVE-2021-32796)

Summary: Vulnerability in JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module may affect IBM Spectrum Control. Vulnerability Details: CVEID: CVE-2021-32796. DESCRIPTION: xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and...

CVSS 6.5, AI score 6.5, EPSS 0.01146
Exploits 0, Affected Software 1
NVD, added 2025/11/26 11:15 p.m., 4 views

CVE-2025-66031

Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...

CVSS 8.7, EPSS 0.00056
Exploits 0, References 2
Snyk, added 2025/11/26 10:44 p.m., 1 view

Uncontrolled Recursion

Overview: org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Uncontrolled Recursion via the fromDer function in asn1.js, which lacks recursion depth. An attacker can cause stack exhaustion and disrupt service availability by submitting...

CVSS 8.7, AI score 6.7, EPSS 0.00056
Exploits 0, References 2
Metasploit, added 2025/11/26 6:53 p.m., 417 views

IGEL OS Persistent Payload

Gain persistence for specified payload on IGEL OS Workspace Edition, by writing a payload to disk or base64-encoding and executing from registry. Module Options: msf use exploit/linux/persistence/igel_persistence msf exploit(igel_persistence) show targets ...targets... msf exploit(igel_persistence) set...

AI score 5.8
Exploits 0
Github Security Blog, added 2025/11/25 2:20 p.m., 7 views

body-parser is vulnerable to denial of service when url encoding is used

Impact: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage...

CVSS 6.9, AI score 6.7, EPSS 0.00035
Exploits 0, References 5, Affected Software 1
Packet Storm News, added 2025/11/25 12:00 a.m., 7 views

Adaptive Detection of Polymorphic Malware: Leveraging Mutation Engines and YARA Rules for Enhanced Security

Polymorphic malware continually alters its structure to evade signature-based defences, challenging both commercial antivirus (AV) and enterprise detection systems. This study introduces a reproducible framework for analysing eight polymorphic behaviours: junk code insertion, control-flow obfuscatio...

AI score 7.1
Exploits 0
EUVD, added 2025/11/24 9:02 p.m., 3 views

EUVD-2025-199007

Malicious code in url-encode-decode npm...

AI score 6.6
Exploits 0, References 4
EUVD, added 2025/11/24 3:30 p.m., 3 views

EUVD-2025-198714

Integer signedness error in tls_verify_callback in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509 to return -1 and be misused as a malloc size parameter...

CVSS 7.5, AI score 6.2, EPSS 0.00154
Exploits 0, References 3
OSV, added 2025/11/24 2:15 p.m., 3 views

UBUNTU-CVE-2025-65495

Integer signedness error in tls_verify_callback in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509 to return -1 and be misused as a malloc size parameter...

CVSS 7.5, AI score 5.8, EPSS 0.00154
Exploits 0, References 4
SUSE Linux, added 2025/11/24 7:54 a.m., 2 views

Security update for curl

This update for curl fixes the following issues: CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc1253757). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online update or "zypper patch". Alternatively you can run the...

CVSS 6.5, AI score 7, EPSS 0.0002
Exploits 0, References 4