
18 matches found

EUVD
added 2026/06/26 8:59 p.m. | 11 views

EUVD-2026-37805

joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization...

CVSS 5.3 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 3
Positive Technologies
added 2026/06/26 12:0 a.m. | 10 views

PT-2026-53020

Name of the Vulnerable Software and Affected Versions: python-engineio versions prior to 4.13.2. Description: Two specific configurations of the server fail to verify the size of incoming messages before loading them into memory, which can lead to excessive memory allocations. This occurs during POS...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 9
Github Security Blog
added 2026/04/29 9:19 p.m. | 8 views

n8n Vulnerable to Unauthenticated Denial of Service via MCP Client Registration

Impact: The MCP OAuth client registration endpoint accepted unauthenticated requests and stored client data without adequate resource controls. An unauthenticated remote attacker could exhaust server memory resources by sending large registration payloads, rendering the n8n instance unavailable. T...

CVSS 8.7 | AI score 5.6 | EPSS 0.00487
Exploits: 0 | References: 3 | Affected Software: 1
Snyk
added 2026/04/29 9:19 p.m. | 5 views

Allocation of Resources Without Limits or Throttling

Overview: n8n is a n8n Workflow Automation Tool. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the MCP OAuth client registration process. An attacker can exhaust server memory resources and render the instance unavailable by sending lar...

CVSS 8.7 | AI score 5.8 | EPSS 0.00487
Exploits: 0 | References: 2
Cvelist
added 2026/03/31 1:28 p.m. | 24 views

CVE-2026-34155 RAUC: Improper Signing of Plain Bundles Exceeding 2 GiB

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

CVSS 7.2 | EPSS 0.00141
Exploits: 0 | References: 3
CVE
added 2026/03/23 11:41 p.m. | 11 views

CVE-2026-33241

Summary (facts, no speculation): CVE-2026-33241 affects Salvo, a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing (form_data() and the Extractible macro) does not enforce payload size limits before reading request bodies, enabling unbounded memory allocation and potential O...

CVSS 8.7 | AI score 5.8 | EPSS 0.00437
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/03/15 5:53 a.m. | 4 views

OESA-2026-1553 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ excepti...

CVSS 7.5 | AI score 5.6 | EPSS 0.00602
Exploits: 3 | References: 4
OSV
added 2026/03/04 8:16 p.m. | 3 views

DEBIAN-CVE-2026-28435

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::set_payload_max_length on the decompressed request body when using HandlerWithContentReader (streaming ContentReader) with Content-Encoding: gzip or other...

CVSS 7.5 | AI score 5.3 | EPSS 0.00418
Exploits: 1 | References: 1
Cvelist
added 2026/02/25 11:7 p.m. | 28 views

CVE-2026-27633 TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS)

TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...

CVSS 8.7 | EPSS 0.00436
Exploits: 0 | References: 3
OSV
added 2025/12/04 7:16 p.m. | 6 views

AZL-71500 CVE-2025-65637 affecting package podman 4.1.1-26

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

CVSS 7.5 | AI score 7.1 | EPSS 0.00585
Exploits: 1 | References: 1
Tenable Nessus
added 2025/11/12 12:0 a.m. | 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990881)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990881 advisory. In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata i2037 AM65x SR 1.0 Errata i2037 in AM65x/DRA80xM...

CVSS 5.5 | AI score 6.2 | EPSS 0.00207
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/10 12:0 a.m. | 6 views

PT-2025-46219

Name of the Vulnerable Software and Affected Versions: SpiceDB versions prior to 1.45.2. Description: SpiceDB is a database system for managing application permissions. Versions prior to 1.45.2 are susceptible to an issue where a successful response is incorrectly returned from a WriteRelationships...

CVSS 6.9 | AI score 6.3 | EPSS 0.0022
Exploits: 0 | References: 10
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-3518

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.0106
Exploits: 0 | References: 8
Github Security Blog
added 2025/08/29 3:38 p.m. | 9 views

Rancher affected by unauthenticated Denial of Service

Impact: A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public unauthenticated and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into...

CVSS 8.2 | AI score 6.7 | EPSS 0.00482
Exploits: 0 | References: 7 | Affected Software: 1
Tenable Nessus
added 2025/08/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-29484

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message...

CVSS 6 | AI score 7.2 | EPSS 0.00385
Exploits: 0 | References: 2
OSV
added 2024/10/21 8:15 p.m. | 1 views

DEBIAN-CVE-2022-48948

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler. Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to cop...

CVSS 7.8 | AI score 5.8 | EPSS 0.00271
Exploits: 0 | References: 1
OSV
added 2024/10/09 3:15 p.m. | 1 views

UBUNTU-CVE-2024-47667

In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata i2037 AM65x SR 1.0. Errata i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0 (SPRZ452D, July 2018, Revised December 2019 [1]) mentions when an inbound PCIe TLP spans more than two internal AXI...

CVSS 5.5 | AI score 6.2 | EPSS 0.00207
Exploits: 0 | References: 25
OSV
added 2018/11/20 2:29 p.m. | 1 views

CVE-2018-1779

IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802...

CVSS 7.5 | AI score 5.8 | EPSS 0.02494
Exploits: 0 | References: 3