Lucene search
+L

70 matches found

NVD
NVD
added 2026/07/09 5:17 p.m.9 views

CVE-2026-51606

An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response...

7.5CVSS0.00324EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 10:21 a.m.16 views

EUVD-2026-42577

Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as thei...

3.7CVSS6AI score0.0025EPSS
Exploits0References2
NVD
NVD
added 2026/07/07 9:17 p.m.9 views

CVE-2026-55434

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.33.0 and prior to versions 2.33.8 and 2.34.2, AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could se...

6.5CVSS0.00552EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:14 p.m.6 views

CVE-2026-55434

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.33.0 and prior to versions 2.33.8 and 2.34.2, AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could se...

6.5CVSS6AI score0.00552EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/07/02 8:16 a.m.6 views

UBUNTU-CVE-2026-33592

An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string up to 3.9 GB delivered across intermediate...

7.5CVSS6AI score0.00388EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-53020

Name of the Vulnerable Software and Affected Versions python-engineio versions prior to 4.13.2 Description Two specific configurations of the server fail to verify the size of incoming messages before loading them into memory, which can lead to excessive memory allocations. This occurs during POS...

7.5CVSS5.8AI score
Exploits0References16
RedHat Linux
RedHat Linux
added 2026/06/17 12:44 a.m.9 views

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5CVSS5.2AI score0.00815EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/11 3:37 p.m.9 views

CVE-2026-44488

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS5.4AI score0.0063EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from uncontrolled resource consumption and may lead to denial-of-service attacks. Users with viewer-level access and authenticated status can...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 11:16 a.m.11 views

CVE-2026-5308

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 10:20 a.m.12 views

EUVD-2026-31425

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 10:20 a.m.42 views

CVE-2026-5308

CVE-2026-5308 affects Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, and 10.11.x

7.5CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/05/18 9:31 a.m.15 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the start meeting API endpoint when the size of the request body is not limited. An attacker can exhaust system resources or disrupt service availability by sending crafted...

7.1CVSS5.5AI score0.0024EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/18 6:51 a.m.34 views

CVE-2026-2325 Improper Input Validation in MS Teams Meetings API Handler

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

4.3CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 6:51 a.m.22 views

CVE-2026-2325

CVE-2026-2325 affects Mattermost versions 11.5.x up to 11.5.1, 10.11.x up to 10.11.13, and 11.4.x up to 11.4.3. The issue is an improper input validation where the start meeting API endpoint (/api/v1/meetings) does not limit the request body size, enabling an authenticated attacker to cause resou...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/13 4:16 p.m.59 views

CVE-2026-44456

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit does not reliably enforce maxSize for requests without a usable Content-Length e.g. Transfer-Encoding: chunked. Oversized requests can reach handlers and return 200 instead of 413. Th...

6.5CVSS0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 7:7 p.m.10 views

EUVD-2026-27442

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS5.7AI score0.00672EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/28 10:43 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the requestToMsgGet process. An attacker can exhaust CPU and memory resources by sending oversized DNS-over-HTTPS GET requests with large dns query parameters, causing the...

8.7CVSS5.8AI score0.00672EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/22 5:6 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview @next-ai-drawio/mcp-server is a MCP server for Next AI Draw.io - AI-powered diagram generation with real-time browser preview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handleStateApi, handleRestoreApi, and...

8.7CVSS5.8AI score0.00146EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/17 10:54 p.m.27 views

CVE-2026-40481 monetr: Unauthenticated Stripe webhook reads attacker-sized request bodies before signature validation

monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. A remote unauthenticated attacker can send oversized POST payloads to cause uncontrolled...

8.2CVSS0.00446EPSS
Exploits1References2
Rows per page
Query Builder