39 matches found

OSV
added 2026/06/08 11:1 p.m., 12 views

GHSA-X4GW-5CX5-PGMH Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes

SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates ctx.alloc().buffer(handshakeLength) (line 161). The guard at line 140 is handshakeLength > maxClientHelloLength && maxClientHelloLength != 0, and the...

CVSS 7.5 | AI score 5.7 | EPSS 0.00335
Exploits 0 | References 5
GithubExploit
added 2026/06/07 11:56 a.m., 91 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Mobyproject Moby

CVE-2026-34040 Full Lab PoC Docker/Moby AuthZ Plugin Bypass...

CVSS 8.8 | AI score 7.5 | EPSS 0.08123
Exploits 1
RedhatCVE
added 2026/06/05 7:29 p.m., 9 views

CVE-2026-2325

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

CVSS 6.5 | AI score 5.5 | EPSS 0.0024
Exploits 0 | References 1
Packet Storm
added 2026/05/26 12:0 a.m., 78 views

ZTE ZXHN Router Denial of Service

The CGILua post.lua parser used in ZTE ZXHN routers does not enforce an upper bound on the body size of application/x-www-form-urlencoded POST requests. An unauthenticated attacker can crash or freeze the router's web management service by sending a single HTTP POST request with an oversized body...

CVSS 7.5 | AI score 5.9 | EPSS 0.02376
Exploits 3
NVD
added 2026/05/18 8:16 a.m., 10 views

CVE-2026-2325

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

CVSS 6.5 | EPSS 0.0024
Exploits 0 | References 1
Vulnrichment
added 2026/05/18 6:51 a.m., 6 views

CVE-2026-2325 Improper Input Validation in MS Teams Meetings API Handler

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

CVSS 4.3 | AI score 5.8 | EPSS 0.0024
Exploits 0 | References 1
OSV
added 2026/04/02 6:42 p.m., 5 views

GO-2026-4887 Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker

Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker...

CVSS 8.8 | AI score 5.9 | EPSS 0.08123
Exploits 1 | References 4
Positive Technologies
added 2026/04/02 12:0 a.m., 3 views

PT-2026-29934

Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker...

AI score 5.9
Exploits 0 | References 5
OSV
added 2026/03/31 1:36 a.m., 1 views

CVE-2026-34040 Moby: AuthZ plugin bypass with oversized request body

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1...

CVSS 8.8 | AI score 5.8 | EPSS 0.08123
Exploits 1 | References 4
Vulnrichment
added 2026/03/31 1:36 a.m., 1 views

CVE-2026-34040 Moby: AuthZ plugin bypass with oversized request body

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1...

CVSS 8.8 | AI score 5.8 | EPSS 0.08123
Exploits 1 | References 2
CVE
added 2026/03/31 1:36 a.m., 48 views

CVE-2026-34040

CVE-2026-34040 affects Moby, the open source container framework. Prior to version 29.3.1, an issue allows bypassing authorization plugins (AuthZ). The vulnerability has been fixed in 29.3.1. Connected sources consistently describe the problem as an AuthZ bypass in the daemon/plugin authorization...

CVSS 8.8 | AI score 5.8 | EPSS 0.08123
Exploits 1 | References 2 | Affected Software 1
Github Security Blog
added 2026/03/27 5:43 p.m., 18 views

Moby has AuthZ plugin bypass when provided oversized request bodies

Summary: A security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. This is an incomplete fix for CVE-2024-41110. Impact: If you don't use AuthZ plugins, you are not affecte...

CVSS 8.8 | AI score 6.8 | EPSS 0.08123
Exploits 1 | References 7 | Affected Software 3
Cvelist
added 2026/03/16 1:14 p.m., 22 views

CVE-2025-10685 HTTP POST with specific higher content length leads into heap corruption

Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT Webserver modules allows overflow buffers. This issue affects: smartLink SW-PN: through 1.03; smartLink SW-HT: through 1.42...

CVSS 9.2 | EPSS 0.00493
Exploits 0 | References 2
Snyk
added 2026/01/08 4:41 p.m., 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...

CVSS 8.7 | AI score 6.8 | EPSS 0.00412
Exploits 0 | References 2
NVD
added 2025/09/16 3:15 p.m., 9 views

CVE-2009-20005

A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a sta...

CVSS 9.3 | EPSS 0.01269
Exploits 0 | References 5
OSV
added 2024/05/14 3:38 p.m., 4 views

CVE-2024-34199

TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line...

CVSS 8.6 | AI score 6.8
Exploits 0 | References 3
CNNVD
added 2024/05/14 12:0 a.m., 2 views

TinyWeb Security Vulnerability

TinyWeb is a simple and lightweight HTTP server from the individual developer Konstantin Belyalov. A security vulnerability exists in TinyWeb version 1.94 and earlier, which originates from a denial of service that allows an unauthenticated, remote attacker to send too large an element in a reque...

CVSS 8.6 | AI score 6.7 | EPSS 0.01226
Exploits 1 | References 2
CNNVD
added 2022/11/30 12:0 a.m., 2 views

Open-Xchange OX App Suite Resource Management Error Vulnerability

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite version 7.10.6 and earlier, which stems from insufficiently checking that request body sizes are reasonable for certain API endpoint...

CVSS 5.3 | AI score 5.8 | EPSS 0.00916
Exploits 2 | References 5
ATTACKERKB
added 2022/11/04 7:15 p.m., 3 views

CVE-2022-43945

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send...

CVSS 7.5 | AI score 7.6 | EPSS 0.21314
Exploits 0 | References 4 | Affected Software 1
Vulnrichment
added 2022/11/04 12:0 a.m., 5 views

CVE-2022-43945

The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send...

AI score 7.7 | EPSS 0.21314
Exploits 0 | References 3