Lucene search
+L

128 matches found

OSV
OSV
added 2025/12/04 7:16 p.m.8 views

AZL-71563 CVE-2025-65637 affecting package cni-plugins for versions less than 1.3.0-10

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

7.5CVSS5.8AI score0.00585EPSS
Exploits1References1
OSV
OSV
added 2025/12/04 7:16 p.m.7 views

AZL-71534 CVE-2025-65637 affecting package influxdb for versions less than 2.7.5-10

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

7.5CVSS7.3AI score0.00585EPSS
Exploits1References1
OSV
OSV
added 2025/12/04 7:16 p.m.4 views

DEBIAN-CVE-2025-65637

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

7.5CVSS7.5AI score0.00585EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.7 views

Logrus 安全漏洞

Logrus is a logging library for Go by the individual developer Simon Eskildsen. A security vulnerability exists in Logrus versions prior to 1.8.3, 1.9.0, and 1.9.2, which stems from a denial of service that can be caused by logging a single line with a payload greater than 64KB...

7.5CVSS6.3AI score0.00585EPSS
Exploits1References10
Cvelist
Cvelist
added 2025/12/04 12:0 a.m.25 views

CVE-2025-65637

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

0.00585EPSS
Exploits1References8
Cvelist
Cvelist
added 2025/11/18 11:7 p.m.17 views

CVE-2025-65015 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...

9.2CVSS0.00354EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2025/11/13 10:58 p.m.8 views

SpiceDB WriteRelationships fails silently if payload is too big

Impact Users who 1. use the exclusion operator somewhere in their authorization schema 1. have configured their SpiceDB server such that --write-relationships-max-updates-per-call is bigger than 6500 1. issue calls to WriteRelationships with a large enough number of updates that cause the payload...

6.9CVSS5.8AI score0.0024EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/11/13 10:58 p.m.4 views

GHSA-PM3X-JRHH-QCR7 SpiceDB WriteRelationships fails silently if payload is too big

Impact Users who 1. use the exclusion operator somewhere in their authorization schema 1. have configured their SpiceDB server such that --write-relationships-max-updates-per-call is bigger than 6500 1. issue calls to WriteRelationships with a large enough number of updates that cause the payload...

6.9CVSS5.8AI score0.0024EPSS
Exploits0References4
CVE
CVE
added 2025/11/10 10:28 p.m.63 views

CVE-2025-64529

SpiceDB prior to v1.45.2 is affected when the exclusion operator is used and a per-call payload is large due to --write-relationships-max-updates-per-call > 6500. In this scenario, WriteRelationships can return success for a failed operation and produce incorrect permission results if the affe...

6.9CVSS6.3AI score0.0024EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2018-0299

Malware in sbrugna...

7.5CVSS7.5AI score0.01799EPSS
Exploits1References7
CVE
CVE
added 2025/09/16 4:11 p.m.25 views

CVE-2022-50345

CVE-2022-50345 refers to a Linux kernel NFSD issue affecting NFSv3 READ, where the send buffer overflow risk stems from how NFSD tallies RPC pages for request/response. Multiple vendor advisories (e.g., ALAS2KERNEL-5.15-2025-090 and ALAS2KERNEL-5.10-2025-106) indicate the vulnerability has been r...

6.4AI score
Exploits0
CVE
CVE
added 2025/09/15 4:26 p.m.37 views

CVE-2025-59328

CVE-2025-59328 describes a DoS vulnerability in the Apache Fory library caused by insecure deserialization of untrusted data. A remote attacker can submit a large, crafted payload that, when deserialized, fuels high CPU usage, leading to CPU exhaustion and unresponsiveness of the affected applica...

6.5CVSS6.7AI score0.0059EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2025/09/12 1:16 a.m.4 views

CVE-2025-58754

Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...

7.5CVSS6.2AI score0.0106EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2025/09/12 1:16 a.m.3 views

CVE-2025-58754

Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...

7.5CVSS6.5AI score0.0106EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/11 9:7 p.m.26 views

Axios is vulnerable to DoS attack through lack of data size check

Summary When Axios runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory Buffer/Blob and returns a synthetic 200 response. This path ignores maxContentLength / maxBodyLength which only protect HTTP...

7.5CVSS7.4AI score0.0106EPSS
Exploits1References10Affected Software1
NVD
NVD
added 2025/04/03 9:15 p.m.22 views

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...

7.5CVSS0.00393EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/03 12:0 a.m.22 views

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...

0.00393EPSS
Exploits0References1
OSV
OSV
added 2025/04/03 12:0 a.m.11 views

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...

7.5CVSS6.6AI score0.00393EPSS
Exploits0References3
Hacker One
Hacker One
added 2025/03/25 3:57 p.m.10 views

Discourse: Application Level DoS - Large Markdown Payload in Reply Section Leading to Resource Exhaustion

A Denial of Service DoS vulnerability was identified in the reply section of the web application. Submitting an excessively large markup payload approximately 800,000 characters resulted in the server taking 30 seconds to respond before returning an HTTP/2 502 Bad Gateway error, indicating...

6.9AI score
Exploits0
OSV
OSV
added 2025/03/20 12:32 p.m.5 views

GHSA-FFH5-W482-C7M5 InvokeAI Uncontrolled Resource Consumption vulnerability

A Denial of Service DoS vulnerability was discovered in the /api/v1/boards/boardid endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the boardname field during a PATCH request. By sending a large payload, the UI becomes...

7.5CVSS7AI score0.00664EPSS
Exploits0References4
Rows per page
Query Builder