56 matches found
CVE-2026-41483 Unbounded HTTP response body read in OpenTelemetry.Resources.Azure
OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker w...
CVE-2026-40481
monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. A remote unauthenticated attacker can send oversized POST payloads to cause uncontrolled...
CVE-2026-40481
monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. A remote unauthenticated attacker can send oversized POST payloads to cause uncontrolled...
Denial Of Service (DoS)
AdonisJS is vulnerable to a Denial Of Service DoS. The vulnerability is due to unbounded memory accumulation in the multipart file handling logic of @adonisjs/bodyparser, where the parser buffers excessive data in memory while detecting file types, allowing attackers to trigger excessive memory...
CVE-2026-25762 AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service DoS vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...
CVE-2026-25762
CVE-2026-25762 affects AdonisJS, specifically the @adonisjs/bodyparser multipart file handling logic. The vulnerability arises when the multipart parser processes file uploads, potentially accumulating an unbounded amount of data in memory while attempting to detect file types, leading to excessi...
CVE-2026-25762 AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service DoS vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...
CVE-2026-25762 AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service DoS vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...
GHSA-XX9G-FH25-4Q64 AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
Summary A Denial of Service DoS vulnerability CWE-400 exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessiv...
AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection
Summary A Denial of Service DoS vulnerability CWE-400 exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessiv...
MiracleLinux 8 : python3.12-3.12.8-1.el8_10 (AXSA:2024-9392:15)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9392:15 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 python: Unbounded memory buffering in...
Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
Summary Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or more can consume equivalent process memory, potentially leading to out-of-memory OOM...
GHSA-W9PC-FMGC-VXVW Rack: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
Summary Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or more can consume equivalent process memory, potentially leading to out-of-memory OOM...
DEBIAN-CVE-2025-61770
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...
Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
Summary Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or more can consume equivalent process memory, potentially leading to out-of-memory OOM...
SUSE CVE-2023-33953
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption ...
TencentOS Server 4: grpc (TSSA-2025:0125)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0125 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
RLSA-2024:10978 Important: python3.12 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
AZL-57485 CVE-2025-22869 affecting package terraform for versions less than 1.3.2-24
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2025:0521-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0521-1 advisory. - CVE-2025-0938: Functions urllib.parse.urlsplit and urlparse accept domain names including squa...