23 matches found

Positive Technologies
added 2026/05/19 12:0 a.m. · 9 views

PT-2026-41968

Summary: The Mailpit SMTP server has a Server.MaxSize int field that controls the maximum allowed DATA payload size, but the field is never assigned anywhere outside test code, leaving it at Go's zero value 0 ⇒ "no limit". The same applies to the HTTP /api/v1/send endpoint, whose request body is...

CVSS 7.5 · AI score 5.8 · EPSS 0.00099
Exploits: 0 · References: 4

RedhatCVE
added 2026/05/06 5:46 p.m. · 7 views

CVE-2026-43125

A flaw was found in the Linux kernel's Distributed Lock Manager (dlm) module. An attacker could send specially crafted network messages with an oversized length parameter to the dlm_dump_rsb_name function. This lack of validation can lead to an out-of-bounds write in the dlm_search_rsb_tree function,...

CVSS 9.8 · AI score 6.4 · EPSS 0.00542
Exploits: 0 · References: 4

OSV
added 2026/01/12 5:39 p.m. · 10 views

GO-2026-4289 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages in github.com/coredns/coredns

CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages in github.com/coredns/coredns...

CVSS 8.7 · AI score 6.9 · EPSS 0.00418
Exploits: 0 · References: 4

Microsoft CVE
added 2026/01/10 9:3 a.m. · 5 views

CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

...

CVSS 8.7 · AI score 5.3 · EPSS 0.00418
Exploits: 0

OSV
added 2026/01/08 8:12 p.m. · 0 views

GHSA-527X-5WRF-22M2 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is simila...

CVSS 8.7 · AI score 7 · EPSS 0.00418
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-20870

Malicious code in bioql PyPI...

CVSS 6.6 · AI score 6.6 · EPSS 0.00123
Exploits: 0 · References: 1

Tenable Nessus
added 2025/09/10 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-20185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result ...

CVSS 5.3 · AI score 6.4 · EPSS 0.01377
Exploits: 0 · References: 2

Packet Storm News
added 2025/08/04 12:0 a.m. · 1 views

Real-World Evaluation of Protocol-Compliant Denial-Of-Service Attacks on C-V2X-Based Forward Collision Warning Systems

Cellular Vehicle-to-Everything (C-V2X) technology enables low-latency, reliable communications essential for safety applications such as a Forward Collision Warning (FCW) system. C-V2X deployments operate under strict protocol compliance with the 3rd Generation Partnership Project (3GPP) and the Societ...

AI score 7.2
Exploits: 0

NVD
added 2025/01/06 11:15 a.m. · 18 views

CVE-2024-23366

Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size...

CVSS 6.6 · EPSS 0.00123
Exploits: 0 · References: 1

SUSE CVE
added 2024/02/01 12:22 a.m. · 3 views

SUSE CVE-2023-6779

An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of t...

CVSS 7.4 · AI score 7.7 · EPSS 0.03127
Exploits: 2 · References: 3

CNNVD
added 2023/10/25 12:0 a.m. · 4 views

RabbitMQ Resource Management Error Vulnerability

RabbitMQ is a feature-rich, open-source, multi-protocol messaging and streaming agent. The vulnerability stems from the HTTP API not enforcing HTTP request body restrictions, which leaves it vulnerable to denial-of-service (DoS) attacks with oversized messages...

CVSS 4.9 · AI score 6.7 · EPSS 0.01077
Exploits: 0 · References: 8

Positive Technologies
added 2023/10/24 12:0 a.m. · 4 views

PT-2023-8230 · Rabbitmq +1 · Rabbitmq Java Client +1

Name of the Vulnerable Software and Affected Versions: RabbitMQ Java client versions prior to 5.18.0. Description: The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. maxBodyLength was not used when receiving Message objects...

CVSS 7.5 · AI score 8.1 · EPSS 0.01061
Exploits: 1 · References: 15

OSV
added 2022/07/20 2:15 a.m. · 5 views

CVE-2022-32958

A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process...

CVSS 6.5 · AI score 5.8 · EPSS 0.00821
Exploits: 0 · References: 1

CNNVD
added 2022/07/20 12:0 a.m. · 2 views

Teamplus Pro Chat Feature Security Vulnerability

Teamplus Pro is a private cloud version of the app from the Taiwan, China-based company Teamplus. A security vulnerability exists in the chat feature of Teamplus Pro, which can be exploited by a remote attacker with general user privileges to send messages exceeding the message size limit to a...

CVSS 7.7 · AI score 6.6 · EPSS 0.00821
Exploits: 0 · References: 2

CNNVD
added 2022/07/11 12:0 a.m. · 2 views

KubeEdge Resource Management Error Vulnerability

KubeEdge is an open-source, Kubernetes-native edge computing framework. It is built on Kubernetes and extends native containerized application orchestration and device management to edge hosts. A security vulnerability exists in KubeEdge versions prior to 1.11.1, 1.10.2, and 1.9.4. The...

CVSS 6.5 · AI score 6.5 · EPSS 0.006
Exploits: 0 · References: 2

OSV
added 2021/03/07 5:15 a.m. · 4 views

UBUNTU-CVE-2021-27365

An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum leng...

CVSS 7.8 · AI score 6.6 · EPSS 0.02079
Exploits: 1 · References: 12

CNNVD
added 2021/01/28 12:0 a.m. · 5 views

Moodle Resource Management Error Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A resource management error vulnerability exists in Moodle versions prior to 3.10.1, 3.9.4, 3.8.7 and 3.5.16, where messaging does not...

CVSS 5.3 · AI score 6.8 · EPSS 0.01377
Exploits: 0 · References: 3

ATTACKERKB
added 2020/11/13 8:15 p.m. · 4 views

CVE-2020-27217

In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP...

CVSS 7.5 · AI score 5.4 · EPSS 0.01289
Exploits: 0 · References: 2 · Affected Software: 1

CNVD
added 2020/09/27 12:0 a.m. · 3 views

FortiOS LCP Message Denial of Service Vulnerability

Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. A denial-of-service vulnerability exists in Fortinet FortiOS handling of LCP messages, which can be exploited by a remote attacker to submit a special oversized LCP message request that can crash...

CVSS 7.5 · AI score 6.9 · EPSS 0.00757
Exploits: 0 · References: 1

BDU FSTEC
added 2020/03/12 12:0 a.m. · 2 views

The vulnerability of Apache CXF web services, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of Apache CXF web services is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by sending a specially crafted message, whose embedded data exceeds the allowed limit...

CVSS 7.1 · AI score 6.8 · EPSS 0.06257
Exploits: 0 · References: 4 · Affected Software: 2