Lucene search
K

91 matches found

OSV
OSV
added 2026/06/25 8:39 a.m.1 views

CVE-2026-53218 netfilter: nft_exthdr: fix register tracking for F_PRESENT flag

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftexthdr: fix register tracking for FPRESENT flag nftexthdrinit passes user-controlled priv-len to nftparseregisterstore, which marks that many bytes in the register bitmap as initialized. However, when...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References11
OSV
OSV
added 2026/06/15 9:55 p.m.7 views

EEF-CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read\full\body/3...

8.7CVSS5.4AI score0.00344EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-42294

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...

8.2CVSS5.4AI score0.00607EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/27 8:49 a.m.14 views

CVE-2026-28376

A flaw was found in Grafana Live. An authenticated user with access to the Grafana Live API can exploit the push endpoint by sending a large or streaming request body. This can lead to unbounded memory allocation, potentially causing out-of-memory conditions and resulting in a Denial of Service D...

6.5CVSS5.7AI score0.00328EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftlimit: Configurations that cause integer overflow are now rejected. Invalid configurations where the internal token counter wraps around are also rejected. This issue only occurs with very, very large requests, such...

5.5CVSS5.5AI score0.00241EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/16 5:29 a.m.5 views

Denial Of Service (DoS)

volcano.sh/volcano is vulnerable to Denial of Service DoS. The vulnerability is due to the webhook server not enforcing a size limit on incoming HTTP request bodies, which allows an attacker with access to the in-cluster webhook endpoint to send arbitrarily large requests and cause the webhook...

7.4CVSS5.8AI score0.00173EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/15 8:42 a.m.8 views

BIT-GRAFANA-2026-28376 Grafana Live push endpoint allows unbounded memory allocation leading to OOM

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 9:32 p.m.19 views

EUVD-2026-30138

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 8:16 p.m.15 views

CVE-2026-28376

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS0.00328EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/13 8:16 p.m.11 views

CVE-2026-28376

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References2
OSV
OSV
added 2026/05/13 8:16 p.m.10 views

UBUNTU-CVE-2026-28376

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

Grafana OSS 安全漏洞

Grafana OSS is an open-source visualization dashboard developed by Grafana. There is a security vulnerability in Grafana OSS, which stems from the Live push endpoint’s ability to cause unlimited memory allocation by sending large or streaming request bodies, potentially leading to insufficient...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Hono 资源管理错误漏洞

Hono is a web framework built in TypeScript for the Hono community. Versions of Hono prior to 4.12.16 contained a resource management vulnerability. This vulnerability stemmed from the fact that the bodyLimit function did not reliably enforce the maxSize for requests without an available...

6.5CVSS5.8AI score0.00219EPSS
Exploits0References1
OSV
OSV
added 2026/05/09 3:45 a.m.3 views

CVE-2026-42294 Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the...

8.2CVSS5.9AI score0.00607EPSS
Exploits1References9
Snyk
Snyk
added 2026/05/08 8:44 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling excessively large HTTP request bodies. A malicious pod on the same cluster can exhaust system memory and trigger an OOM condition. Remediation Upgrade...

7.4CVSS5.8AI score0.00173EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/05 5:31 p.m.13 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:phoenix is a The official JavaScript client for the Phoenix web framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Elixir.Phoenix.Transports.LongPoll POST requests handling with Content-Type:...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/16 9:24 p.m.7 views

CVE-2026-39313 MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport

mcp-framework is a framework for building Model Context Protocol MCP servers. In versions 0.2.21 and below, the readRequestBody function in the HTTP transport concatenates request body chunks into a string with no size limit. Although a maxMessageSize configuration value exists, it is never...

8.7CVSS5.8AI score0.00495EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 9:10 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the GraphQL API when a large number of mutations or queries are included in a single request using aliases or by chaining multiple mutations. An attacker can cause excessive...

8.7CVSS5.8AI score0.00268EPSS
Exploits0References2
OSV
OSV
added 2026/03/26 4:19 p.m.2 views

CVE-2026-3116 Improper Input Validation in Zoom Plugin Webhook Handler

Mattermost Plugins versions =11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589...

4.9CVSS5.9AI score0.00344EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/13 6:56 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the E2E Metadata Parser API endpoint, which processes unbounded request bodies without size restrictions. An authenticated user can cause the server to run out of memory and disru...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References2
Rows per page
Query Builder