Lucene search
+L

84 matches found

OSV
OSV
added 2026/07/10 2:58 p.m.4 views

CVE-2026-33382 Denial of service via unbounded request body size

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.8 views

PT-2026-57205

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description Several API endpoints, some of which are unauthenticated, fail to limit the size of the request body before processing. This allows an attacker to send excessively large payloads that trigger...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/07/09 8:33 p.m.10 views

CVE-2026-12590

A flaw was found in body-parser. When the parser is configured with an invalid limit option, such as an unparseable string or a non-numeric value, the request body size check is bypassed. This allows a remote attacker to send arbitrarily large payloads, consuming excessive memory and CPU resource...

5.9CVSS5.9AI score0.0025EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53763

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

3.8CVSS6.2AI score0.00149EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 8:16 p.m.3 views

DEBIAN-CVE-2026-53763

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the...

3.8CVSS6AI score0.00149EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:35 p.m.7 views

CVE-2026-53763

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the...

3.8CVSS6AI score0.00149EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/22 6:16 p.m.10 views

CVE-2026-42127

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access tok...

7.5CVSS0.00432EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 4:31 p.m.8 views

EUVD-2026-38309

The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access tok...

7.5CVSS5.9AI score0.00432EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 6:45 p.m.5 views

CVE-2026-9375 Decompression Bomb Bypass via Negative max_length in Streaming API in urllib3

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS7.3AI score0.00304EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/29 9:14 p.m.11 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through the Avro Decoder process. An attacker can exhaust CPU resources by providing a specially crafted payload with a large block-count value, causing the decoder to perform excessive iterations before propagating an...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/26 3:24 a.m.14 views

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References5
OSV
OSV
added 2026/05/22 1:16 p.m.8 views

OESA-2026-2359 runc security update

runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in...

7.5CVSS7.2AI score0.00585EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. Variable names present in the supplied command line are expanded into their corresponding variable contents, using a 1 kB stack buffer for temporary storage. However, there is insufficient bounds checking. If the function is called with a...

7.2CVSS7AI score0.00573EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40270

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...

8.2CVSS5.7AI score0.00607EPSS
Exploits1References6
NVD
NVD
added 2026/05/09 4:16 a.m.22 views

CVE-2026-42294

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...

8.2CVSS0.00607EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/05/04 6:38 p.m.7 views

CVE-2026-42236 n8n: Unauthenticated Denial of Service via MCP Client Registration

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, the MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memor...

8.7CVSS5.8AI score0.00487EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-37192

Name of the Vulnerable Software and Affected Versions Argo Workflows versions prior to 3.7.14 Argo Workflows versions prior to 4.0.5 Description The Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...

8.2CVSS5.8AI score0.00607EPSS
Exploits1References15
Veracode
Veracode
added 2026/04/30 4:17 p.m.13 views

Improper Resource Consumption

Axios is vulnerable to Improper Resource Consumption. The vulnerability is due to lack of enforcement of maxContentLength when using responseType 'stream', which allows an attacker to send large responses leading to unbounded resource consumption...

5.3CVSS5.8AI score0.00421EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.7 views

CVE-2026-40481

monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. A remote unauthenticated attacker can send oversized POST payloads to cause uncontrolled...

8.2CVSS5.7AI score0.00446EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/16 10:50 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the MappingEngine.TryMapCollectionOntoExisting object through Mapsrc call. An attacker can exhaust system resources and cause application downtime by submitting large collection...

8.7CVSS5.5AI score
Exploits0References2
Rows per page
Query Builder