Lucene search
K

39 matches found

Wallarm Lab
Wallarm Lab
added 2025/08/22 11:0 a.m.16 views

Exploiting API4 — 8 Real-World Unrestricted Resource Consumption Attack Scenarios (and How to Stop Them)

Unrestricted Resource ConsumptionAPI4:2023 is the only threat category in the OWASP API Security Top 10 explicitly dedicated to Denial of Service DoS and resource abuse. But despite being just one category, attackers can exploit it in many different ways; from large file uploads and expensive...

9.8CVSS10AI score0.99979EPSS
Exploits8
OSV
OSV
added 2025/07/16 2:22 p.m.5 views

GHSA-7XQM-7738-642X File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing

Summary A Denial of Service DoS vulnerability exists in the file processing logic when reading a file on endpoint Filebrowser-Server-IP:PORT/files/file-name . While the server correctly handles and stores uploaded files, it attempts to load the entire content into memory during read operations...

8.7CVSS6.1AI score0.00348EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:45 a.m.9 views

CVE-2024-52581

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allows an attacker to...

8.2CVSS6.8AI score0.01004EPSS
Exploits2References1
CVE
CVE
added 2025/04/22 5:32 p.m.66 views

CVE-2025-32952

The CVE-2025-32952 affects Jmix local file storage (io.jmix.localfs:jmix-localfs) across Jmix 1.x and 2.x releases: versions 1.0.0–1.6.1 and 2.0.0–2.3.4 fail to enforce file size limits on uploads, enabling an attacker to upload excessively large files and potentially exhaust server disk space, c...

6.5CVSS6.3AI score0.00598EPSS
Exploits0References9Affected Software4
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.5 views

CVE-2024-11171 Improper Input Validation in danny-avila/librechat

In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. The application uses multer middleware for handling multipart file uploads. When using in-memory storage the default setting for multer, there is no limit on the upload file size. This can lead to a...

7.5CVSS7.3AI score0.00761EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.12 views

PT-2025-12102

Name of the Vulnerable Software and Affected Versions danny-avila/librechat versions prior to 0.7.6 Description The issue is related to improper input validation, specifically with the handling of multipart file uploads using multer middleware. When in-memory storage is used, there is no limit on...

7.5CVSS5.8AI score0.00761EPSS
Exploits1References7
OSV
OSV
added 2025/01/14 2:15 p.m.1 views

CVE-2024-46668

An allocation of resources without limits or throttling vulnerability CWE-770 in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple...

7.5CVSS5.8AI score0.00961EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/14 2:8 p.m.11 views

CVE-2024-46668

An allocation of resources without limits or throttling vulnerability CWE-770 in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple...

7.5CVSS7.6AI score0.00961EPSS
Exploits0References1
PyPA
PyPA
added 2024/11/20 9:15 p.m.8 views

PYSEC-2024-178

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allows an attacker to...

8.2CVSS7.2AI score0.01004EPSS
Exploits2References6Affected Software1
NVD
NVD
added 2024/11/20 9:15 p.m.113 views

CVE-2024-52581

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allows an attacker to...

8.2CVSS0.00756EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.3 views

PT-2024-10211 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4.0 through 6.4.15 FortiOS versions 7.0.0 through 7.0.15 FortiOS versions 7.2.0 through 7.2.8 FortiOS versions 7.4.0 through 7.4.4 Description: The issue is related to an allocation of resources without limits or throttling...

7.8CVSS9.6AI score0.00961EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.5 views

PT-2024-40019 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue concerns the handling of online media assets, specifically .youtube and .vimeo files, in the TYPO3 backend. It is vulnerable to a denial of service, which occurs when large files wi...

5.3CVSS7.3AI score
Exploits0References5
OSV
OSV
added 2024/03/21 9:31 p.m.6 views

GHSA-3X9G-XFJ5-FQ84 Duplicate Advisory: Cross-Site Request Forgery in Gradio

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-48cq-79qq-6f7x. this link is maintained to preserve external references. Original Description A Cross-Site Request Forgery gives attackers the ability to upload many large files to a victim, if they are running...

4.3CVSS5.7AI score0.00352EPSS
Exploits1References5
NVD
NVD
added 2023/04/03 5:15 p.m.40 views

CVE-2023-28837

Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...

4.9CVSS5.1AI score0.0107EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2023/04/03 4:41 p.m.8 views

CVE-2023-28837 Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files

Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A use...

4.9CVSS5.1AI score0.0107EPSS
Exploits0References8
OSV
OSV
added 2023/03/08 9:15 p.m.4 views

CVE-2023-22890

SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition...

7.5CVSS7.1AI score0.00644EPSS
Exploits0References1
OSV
OSV
added 2017/05/18 2:29 p.m.4 views

UBUNTU-CVE-2017-9061

In WordPress before 4.7.5, a cross-site scripting XSS vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename...

6.1CVSS7.2AI score0.01925EPSS
Exploits0References5
OSV
OSV
added 2017/05/18 2:29 p.m.3 views

DEBIAN-CVE-2017-9061

In WordPress before 4.7.5, a cross-site scripting XSS vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename...

6.1CVSS6AI score0.01925EPSS
Exploits0References1
CNVD
CNVD
added 2016/01/21 12:0 a.m.5 views

we7cms file upload vulnerability

we7cms is a content management system based on asp.net development. we7cms V3.0 system file upload vulnerability, the vulnerability is mainly caused by information leakage of the background upload service exposure, the uploaded service failed to get the identity verification, and the file format...

6.8AI score
Exploits0
Rows per page
Query Builder