Lucene search
K

557 matches found

Nuclei
Nuclei
added 9 hours ago22 views

dash-uploader 0.1.0 - 0.7.0a2 - Denial-of-Service via flowTotalChunks

fohrloop dash-uploader v0.1.0 through v0.7.0a2 contains a remote code execution caused by improper handling in Upload function and maxfilesize parameter in dashuploader components, letting remote attackers execute arbitrary code, exploit requires crafted request. id: CVE-2026-38361 info: name:...

7.5CVSS7.5AI score0.02643EPSS
Exploits5References4
NVD
NVD
added 5 days ago8 views

CVE-2026-55079

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...

6.5CVSS0.00611EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-55079 Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...

4.9CVSS0.00611EPSS
Exploits0References6
CVE
CVE
added 6 days ago11 views

CVE-2026-55079

Coder’s GO-based provisioner vulnerability arises from NewDataBuilder allocating a byte slice using client-supplied FileSize without an upper bound. The DRPC wire limit is 4 MiB, but FileSize could be much larger, causing memory exhaustion and potential denial of service when an authenticated use...

6.5CVSS6AI score0.00611EPSS
Exploits0References6Affected Software1
NVD
NVD
added 6 days ago10 views

CVE-2026-42145

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...

3.1CVSS0.0025EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added last week6 views

Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service

Summary NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a DataUpload message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the FileSize value itself was unconstrained Impact An authenticated user able to...

6.5CVSS6AI score0.00611EPSS
Exploits0References3Affected Software1
OSV
OSV
added last week5 views

GHSA-F962-QM93-MJ4C Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service

Summary NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a DataUpload message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the FileSize value itself was unconstrained Impact An authenticated user able to...

4.9CVSS6AI score0.00611EPSS
Exploits0References3
OSV
OSV
added last week5 views

GHSA-CHWM-M7G7-685G Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFile

Summary The Dragonfly scheduler's v1 gRPC service contains an unauthenticated Server-Side Request Forgery SSRF. When a peer reports a successful download of a TINY task, the scheduler calls Peer.DownloadTinyFile and issues an HTTP GET to a host and port taken verbatim from the attacker-controlled...

6.9CVSS6.3AI score
Exploits0References11
CVE
CVE
added last week14 views

CVE-2026-55646

CVE-2026-55646 (vLLM) affects vLLM versions 0.22.0–0.23.0. The routes /v1/audio/transcriptions and /v1/audio/translations call request.file.read() to fully materialize an uploaded audio file before enforcing the documented size limit (default 25 MB). This can cause the server to allocate memory p...

6.5CVSS6AI score0.00289EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56069

Name of the Vulnerable Software and Affected Versions coder versions prior to 2.34.2 coder versions prior to 2.33.8 coder versions prior to 2.32.7 coder versions prior to 2.29.17 Description An authenticated user can trigger a denial of service by sending a small message with an excessively large...

4.9CVSS6AI score0.00611EPSS
Exploits0References10
NVD
NVD
added 2026/07/01 3:17 p.m.9 views

CVE-2026-6682

In FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mountvolume where fasize = fs-nfats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 Integer Overflow or Wraparound. Estimated CVSS v3.1 vector:...

7.6CVSS0.0021EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/06/25 3:54 p.m.18 views

CVE-2026-54024 LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 commit bb58a2d0 added limits: fileSize to createMulterInstance in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that w...

6.5CVSS0.00253EPSS
Exploits2References1
CVE
CVE
added 2026/06/25 3:54 p.m.14 views

CVE-2026-54024

CVE-2026-54024 affects LibreChat. The POST /api/convos/import endpoint uses a separate multer instance that was not updated with the same file-size limits applied to other file uploads, enabling an authenticated user to upload arbitrarily large files. This is exacerbated by the application-level ...

6.5CVSS5.9AI score0.00761EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/25 3:54 p.m.8 views

CVE-2026-54024 LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 commit bb58a2d0 added limits: fileSize to createMulterInstance in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that w...

6.5CVSS7.1AI score0.00761EPSS
Exploits2References1
NVD
NVD
added 2026/06/23 9:16 p.m.8 views

CVE-2026-46553

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NCATTACHMENTFIELDSIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...

5.3CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 8:31 p.m.18 views

CVE-2026-46551

CVE-2026-46551 affects NocoDB’s v1/v2 attachment API upload-by-url. Before 2026.04.4, the uploadViaURL path did not enforce NC_ATTACHMENT_FIELD_SIZE against the remote content-length or response stream. The HEAD probe read content-length but wasn’t compared to the limit, and storageAdapter.fileCr...

6.5CVSS6AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-38361

Multiple unauthenticated denial-of-service DoS issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-upload handler dashuploader/httprequesthandler.py, dashuploader/upload.py trusts unsanitized, attacker-controlled upload parameters e.g. flowTotalChunks and does not enforce the...

7.5CVSS5.5AI score0.02643EPSS
Exploits5References1
Ubuntu
Ubuntu
added 2026/05/28 7:13 a.m.17 views

USN-8329-1: FFmpeg vulnerability

It was discovered that the FFmpeg CAF decoder incorrectly handled certain file size calculations. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service...

6.2CVSS6.7AI score0.00238EPSS
Exploits0
OSV
OSV
added 2026/05/28 7:13 a.m.9 views

USN-8329-1 ffmpeg vulnerability

It was discovered that the FFmpeg CAF decoder incorrectly handled certain file size calculations. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a denial of service...

6.2CVSS6.7AI score0.00238EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/21 8:35 p.m.42 views

NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion

Summary The uploadViaURL path in the v1/v2 attachment API did not enforce NCATTACHMENTFIELDSIZE against the remote content-length or against the response stream. An authenticated user Editor+ could direct the server to download arbitrarily large files, exhausting disk space and causing denial of...

6.5CVSS5.9AI score0.00235EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder