
36 matches found

Packet Storm
added 2026/05/26 12:0 a.m. | 37 views

ZTE ZXHN Router Denial of Service

The CGILua post.lua parser used in ZTE ZXHN routers does not enforce an upper bound on the body size of application/x-www-form-urlencoded POST requests. An unauthenticated attacker can crash or freeze the router's web management service by sending a single HTTP POST request with an oversized body...

CVSS 7.5 | AI score 5.9 | EPSS 0.01634
Exploits: 3

NVD
added 2026/05/18 8:16 a.m. | 6 views

CVE-2026-2325

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

CVSS 6.5 | EPSS 0.00047
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/18 6:51 a.m. | 3 views

CVE-2026-2325 Improper Input Validation in MS Teams Meetings API Handler

Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

CVSS 4.3 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1

OSV
added 2026/04/02 6:42 p.m. | 2 views

GO-2026-4887 Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker

Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker...

CVSS 8.8 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/02 12:0 a.m. | 2 views

PT-2026-29934

Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker...

AI score 5.9
Exploits: 0 | References: 5

Vulnrichment
added 2026/03/31 1:36 a.m. | 1 views

CVE-2026-34040 Moby: AuthZ plugin bypass with oversized request body

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1...

CVSS 8.8 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 2

CVE
added 2026/03/31 1:36 a.m. | 19 views

CVE-2026-34040

CVE-2026-34040 affects Moby, the open source container framework. Prior to version 29.3.1, an issue allows bypassing authorization plugins (AuthZ). The vulnerability has been fixed in 29.3.1. Connected sources consistently describe the problem as an AuthZ bypass in the daemon/plugin authorization...

CVSS 8.8 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/03/31 1:36 a.m. | 1 views

CVE-2026-34040 Moby: AuthZ plugin bypass with oversized request body

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1...

CVSS 8.8 | AI score 5.8 | EPSS 0.00008
Exploits: 0 | References: 4

Github Security Blog
added 2026/03/27 5:43 p.m. | 14 views

Moby has AuthZ plugin bypass when provided oversized request bodies

Summary: A security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. This is an incomplete fix for CVE-2024-41110. Impact: If you don't use AuthZ plugins, you are not affecte...

CVSS 8.8 | AI score 6.8 | EPSS 0.00008
Exploits: 0 | References: 7 | Affected Software: 3

Cvelist
added 2026/03/16 1:14 p.m. | 20 views

CVE-2025-10685 HTTP POST with specific higher content length leads into heap corruption

Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT Webserver modules allows overflow buffers. This issue affects: smartLink SW-PN: through 1.03; smartLink SW-HT: through 1.42...

CVSS 9.2 | EPSS 0.0002
Exploits: 0 | References: 2

Snyk
added 2026/01/08 4:41 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...

CVSS 8.7 | AI score 6.8 | EPSS 0.00213
Exploits: 0 | References: 2

NVD
added 2025/09/16 3:15 p.m. | 4 views

CVE-2009-20005

A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a sta...

CVSS 9.3 | EPSS 0.69348
Exploits: 0 | References: 5

OSV
added 2024/05/14 3:38 p.m. | 1 views

CVE-2024-34199

TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line...

CVSS 8.6 | AI score 6.8
Exploits: 0 | References: 3

CNNVD
added 2024/05/14 12:0 a.m. | 1 views

TinyWeb Security Vulnerability

TinyWeb is a simple and lightweight HTTP server from the individual developer Konstantin Belyalov. A security vulnerability exists in TinyWeb version 1.94 and earlier, which originates from a denial of service that allows an unauthenticated, remote attacker to send too large an element in a reque...

CVSS 8.6 | AI score 6.7 | EPSS 0.0301
Exploits: 1 | References: 2

CNNVD
added 2022/11/30 12:0 a.m. | 1 views

Open-Xchange OX App Suite Resource Management Error Vulnerability

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite version 7.10.6 and earlier, which stems from insufficiently checking that request body sizes are reasonable for certain API endpoint...

CVSS 5.3 | AI score 5.8 | EPSS 0.00859
Exploits: 2 | References: 5

ATTACKERKB
added 2022/11/04 7:15 p.m. | 1 views

CVE-2022-43945

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send...

CVSS 7.5 | AI score 7.6 | EPSS 0.00223
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2022/11/04 12:0 a.m. | 5 views

CVE-2022-43945

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send...

AI score 7.7 | EPSS 0.00223
Exploits: 0 | References: 3

Positive Technologies
added 2022/07/11 12:0 a.m. | 1 views

PT-2022-20510 · Kubeedge · Kubeedge

Name of the Vulnerable Software and Affected Versions: KubeEdge versions prior to 1.11.1; KubeEdge versions prior to 1.10.2; KubeEdge versions prior to 1.9.4. Description: EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker sends a well-crafted HTTP request to "/edge.crt". If the...

CVSS 6.5 | AI score 7.1 | EPSS 0.00577
Exploits: 0 | References: 6

OSV
added 2018/01/30 9:29 p.m. | 1 views

CVE-2018-6407

An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

SmartMail Server 1.0 BETA 10 Oversized Request Denial of Service Vulnerability

No description provided by source. Source: http://www.securityfocus.com/bid/6075/info. SmartMail Server is reported to be prone to a remote denial of service condition. It is possible to trigger this condition by sending large amounts (5MB+) of data to the server via TCP port 25 or 110. SmartMail...

AI score 7.1
Exploits: 0