Lucene search
K

1687 matches found

Snyk
Snyk
added 2026/05/05 5:31 p.m.12 views

Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:phoenix is a The official JavaScript client for the Phoenix web framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Elixir.Phoenix.Transports.LongPoll POST requests handling with Content-Type:...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References2
NVD
NVD
added 2026/05/05 4:16 p.m.25 views

CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS0.00469EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/05 3:17 p.m.51 views

CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS0.00469EPSS
Exploits0References5
CVE
CVE
added 2026/05/05 3:17 p.m.16 views

CVE-2026-32689

CVE-2026-32689 affects Phoenix (Elixir) LongPoll transport: in Elixir.Phoenix.Transports.LongPoll publish/4, a POST with Content-Type: application/x-ndjson is split by newline without a limit, turning a small payload into enormous lists of empty binaries and a second large list via Enum.map, caus...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/05 3:17 p.m.9 views

CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/05 3:17 p.m.5 views

CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/05 3:17 p.m.8 views

EEF-CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix

Summary Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type:...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.9 views

PT-2026-37059

Name of the Vulnerable Software and Affected Versions phoenix versions 1.7.0 through 1.7.21 phoenix version 1.8.6 Description An issue in the long-poll transport's NDJSON body handling allows a denial of service. In the publish/4 function of Elixir.Phoenix.Transports.LongPoll, POST requests with...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

phoenix 安全漏洞

Phoenix is a web development framework developed under the Phoenix framework open source project. Versions of Phoenix from 1.7.0 to 1.7.22, as well as 1.8.6, have security vulnerabilities. These vulnerabilities stem from the unlimited resource allocation during the processing of NDJSON data...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References2
OSV
OSV
added 2026/05/01 8:34 p.m.39 views

EEF-CVE-2026-42786 WebSocket fragmented message reassembly unbounded in bandit

Summary Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handleframe/3 in lib/bandit/websocket/connection.ex appends ever...

8.7CVSS5.8AI score0.00549EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.33 views

PT-2026-36543

Name of the Vulnerable Software and Affected Versions bandit versions 0.5.0 through 1.10.x Description An allocation of resources without limits or throttling allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in the handle frame/3 function within...

8.7CVSS5.8AI score0.00549EPSS
Exploits0References14
The Hacker News
The Hacker News
added 2026/03/19 12:43 p.m.10 views

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover DTO and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a "more...

6.1AI score
Exploits0
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

Phoenix Contact多款产品 安全漏洞

PHOENIX CONTACT FL SWITCH and PHOENIX CONTACT FL NAT are products of the German company PHOENIX CONTACT. PHOENIX CONTACT FL SWITCH is an industrial-grade Ethernet switch. PHOENIX CONTACT FL NAT is a series of industrial security gateways. Several products from Phoenix Contact have security...

6.5CVSS6.1AI score0.00378EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.10 views

PHOENIX CONTACT FL NAT 安全漏洞

PHOENIX CONTACT FL NAT is a series of industrial security gateways developed by the German company PHOENIX CONTACT. There is a security vulnerability in PHOENIX CONTACT FL NAT, which stems from a stack-based buffer overflow issue in the CLI’s TFTP file transfer command processing. This...

6.5CVSS6.1AI score0.00317EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.9 views

Phoenix Contact多款产品 安全漏洞

PHOENIX CONTACT FL SWITCH and PHOENIX CONTACT FL NAT are products of the German company PHOENIX CONTACT. PHOENIX CONTACT FL SWITCH is an industrial-grade Ethernet switch. PHOENIX CONTACT FL NAT is a series of industrial security gateways. Several products from Phoenix Contact have security...

5.3CVSS6.1AI score0.00366EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.12 views

Phoenix Contact多款产品 安全漏洞

PHOENIX CONTACT FL SWITCH and PHOENIX CONTACT FL NAT are products of the German company PHOENIX CONTACT. PHOENIX CONTACT FL SWITCH is an industrial-grade Ethernet switch. PHOENIX CONTACT FL NAT is a series of industrial security gateways. Several products from Phoenix Contact have security...

4.9CVSS6.2AI score0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

PHOENIX CONTACT FL NAT 跨站请求伪造漏洞

PHOENIX CONTACT FL NAT is a series of industrial security gateways developed by PHOENIX CONTACT GmbH in Germany. PHOENIX CONTACT FL NAT has a cross-site request forgeing vulnerability, which originates from the Link Aggregation configuration interface. This vulnerability may allow unverified remo...

7.1CVSS5.8AI score0.00178EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

Phoenix Contact多款产品 跨站脚本漏洞

PHOENIX CONTACT FL SWITCH and PHOENIX CONTACT FL NAT are products of the German company PHOENIX CONTACT. PHOENIX CONTACT FL SWITCH is an industrial-grade Ethernet switch. PHOENIX CONTACT FL NAT is a series of industrial security gateways. Several products from Phoenix Contact have a cross-site...

7.1CVSS5.7AI score0.00253EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

PHOENIX CONTACT FL NAT 命令注入漏洞

PHOENIX CONTACT FL NAT is a series of industrial security gateways developed by the German company PHOENIX CONTACT. PHOENIX CONTACT FL NAT has a command injection vulnerability, which stems from command injection within the device’s Root CA certificate transmission process. This vulnerability cou...

7.2CVSS6AI score0.00999EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.12 views

PHOENIX CONTACT FL NAT 安全漏洞

PHOENIX CONTACT FL NAT is a series of industrial security gateways developed by the German company PHOENIX CONTACT. There is a security vulnerability in PHOENIX CONTACT FL NAT, which stems from a stack-based buffer overflow in the device file transfer parameter workflow. This vulnerability could...

4.9CVSS6.1AI score0.00339EPSS
Exploits0References1
Rows per page
Query Builder