Lucene search
K

350 matches found

Github Security Blog
Github Security Blog
added 2025/10/28 8:38 p.m.8 views

Starlette vulnerable to O(n^2) DoS via Range header merging in ``starlette.responses.FileResponse``

Summary An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints serving files e.g., StaticFiles or any use of...

7.5CVSS6.9AI score0.00638EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2025/10/28 8:14 p.m.93 views

CVE-2025-62727

CVE-2025-62727 (Starlette) : Affects Starlette before version 0.49.1, where an unauthenticated attacker can send a crafted HTTP Range header triggering quadratic-time processing in FileResponse Range parsing/merging, causing CPU exhaustion and denial of service on file-serving endpoints. A fix is...

7.5CVSS6.1AI score0.00638EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/28 8:14 p.m.14 views

CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS6.1AI score0.00638EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/28 8:14 p.m.7 views

EUVD-2025-36555

Starlette is a lightweight ASGI framework/toolkit. Prior to 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service...

7.5CVSS6.4AI score0.00638EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/28 8:14 p.m.9 views

CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS0.00638EPSS
Exploits0References4
OSV
OSV
added 2025/10/28 8:14 p.m.4 views

CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

7.5CVSS6.6AI score0.00638EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.3 views

PT-2025-44209

Name of the Vulnerable Software and Affected Versions Starlette versions 0.39.0 through 0.49.0 Description Starlette is a lightweight ASGI framework/toolkit. An unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range...

7.5CVSS6.5AI score0.00638EPSS
Exploits0References185
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-9515

Malware in sbrugna...

5CVSS8.9AI score0.56191EPSS
Exploits2References16
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-7676

Malware in sbrugna...

7.5CVSS7.5AI score0.01328EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-13356

Malware in sbrugna...

7.8CVSS5AI score0.02584EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-0505

Malware in sbrugna...

5CVSS6.4AI score0.02027EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-2291

Malware in sbrugna...

7.5CVSS6.4AI score0.1023EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-11470

Malware in sbrugna...

6.5CVSS6.6AI score0.01239EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-2274

Malware in sbrugna...

5CVSS6.2AI score0.02175EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-7125

Malware in sbrugna...

5CVSS6.4AI score0.02849EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/10/06 12:0 a.m.3 views

RockyLinux 10 : libsoup3 (RLSA-2025:8128)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8128 advisory. libsoup: Denial of Service attack to websocket server CVE-2025-32049 libsoup: Denial of service in server when client requests a large amount of...

7.5CVSS6.4AI score0.00821EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-49960

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01492EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2025/10/03 7:56 p.m.4 views

libsoup3 security update

An update is available for libsoup3. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Libsoup is an HTTP library implementation in C. It was originally part of a...

7.5CVSS6.9AI score0.00821EPSS
Exploits0
Packet Storm
Packet Storm
added 2025/09/16 12:0 a.m.166 views

📄 Node.JS 4.1.1 Directory Listing

Node.JS versions 4.1.1 and below suffer from a Range header issue that results in a directory listing. !/bin/bash Exploit Title: Node.JS -u \n" exit else echo -e "\n+ TARGET: $TARGET$URI\n" curl -s -H "Range: 99999" $TARGET$URI | html2text | sed '1d;$d' fi...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-1223

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configure...

7.5CVSS6.6AI score0.01985EPSS
Exploits0References2
Rows per page
Query Builder