13 matches found
CVE-2026-5766
An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...
CVE-2026-28435 Payload size limit bypass via gzip decompression in ContentReader (streaming) allows oversized request bodies in cpp-httplib
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib httplib.h does not enforce Server::set_payload_max_length on the decompressed request body when using HandlerWithContentReader streaming ContentReader with Content-Encoding: gzip or other...
MiracleLinux 9 : java-1.8.0-openjdk-1.8.0.352.b08-2.el9 (AXSA:2022-4205:15)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4205:15 advisory. OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533) (CVE-2022-21626) OpenJDK: HttpServer no connection count limit...
PT-2025-41013
Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.19; Rack versions prior to 3.1.17; Rack versions prior to 3.2.2. Description: Rack is a modular Ruby web server interface. The Rack::Multipart::Parser component stores non-file form fields in memory as Ruby String object...
BIT-TYPO3-2022-23500
TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page...
GO-2023-2102 HTTP/2 rapid reset can cause excessive work in net/http
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
CVE-2022-39823
An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error...
Softing OPC UA C++ SDK Resource Management Error Vulnerability
The Softing OPC UA C++ SDK is a development kit from Softing Germany. It is used to quickly and easily integrate OPC UA clients and servers. A security vulnerability exists in the Softing OPC UA C++ SDK versions 5.66 through 6.10, which stems from the fact that an OPC/UA browse request that excee...
CVE-2022-39823
CVE-2022-39823 affects Softing OPC UA C++ SDK versions 5.66 through 6.x before 6.10. The issue is a use-after-free caused by an OPC/UA browse request that exceeds the server limit on continuation points, leading to potential memory mismanagement. The vulnerability is documented with a high impact...
Denial of Service in Page Error Handling
Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack...
Pure-FTPd Security Vulnerability
Pure-FTPd is an FTP (File Transfer Protocol) server. A denial-of-service vulnerability exists in Pure-FTPd version 1.0.48, which allows remote attackers to exploit the vulnerability to prevent legitimate server usage by establishing enough connections to exceed the connection limit...
Thoughts on using server limit DoS - vulnerability warning - the black bar safety net
The emptiness of the prodigal son http://hi.baidu.com/aullik5/blog/item/6947261e7eaeaac0a7866913.html the. This article will not talk about this; I like to call it the JS implantation method...
Using GOOGLE Analyzer to do server limit DoS - vulnerability warning - the black bar safety net
This article is purely YY, and in the end I did not succeed in practice, but that does not rule out that other sites have a similar possibility. Many sites are using Google's statistics. When we go from a website A through a link to a site B that uses Google statistics, Google will record the referer URI and store it in B's cookie. If we...