24 matches found
CVE-2026-54463
The websocket-driver Ruby package is affected by a memory exhaustion issue in draft WebSocket protocol frames. Before 0.8.1, a length header can be exploited by sending an unbounded sequence of 0x80+ bytes, causing the peer to parse an ever-growing Ruby integer and potentially exhausting memory. ...
CVE-2026-59879 Immutable.js `List` 32-bit trie overflow → unrecoverable DoS
Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...
next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage
An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing...
CVE-2026-56018
JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes withou...
CVE-2026-56018
CVE-2026-56018 concerns JavaScript::Minifier::XS for Perl with memory leak in versions before 0.16. The root cause is that, in JsMinify (XS.xs), cleanup frees only NodeSet structures but not per-token contents buffers, and JsDiscardNode unlinks nodes without freeing their contents. As a result, e...
Netty: SCTP reassembly nests buffers without bound
For each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping the previous accumulator and the new slice into a new CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding...
CVE-2026-41310
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...
klever-go: Unbounded goroutine spawn on direct-message ingress enables peer-driven DoS
Summary networkMessenger.directMessageHandler in network/p2p/libp2p/netMessenger.go spawns a fresh goroutine for every incoming direct message before the antiflood layer makes an admission decision. There is no semaphore, throttler, or bound on concurrent in-flight spawns. A single connected libp...
next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage
An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing...
CVE-2026-7768
The CVE affects @fastify/accepts-serializer where serializer-selection results are cached by the request Accept header without bounds or eviction, allowing an unauthenticated remote client to cause unbounded cache growth and Node.js heap exhaustion leading to a crash. Affected versions are
CVE-2026-42786 WebSocket fragmented message reassembly unbounded in bandit
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Bandit.WebSocket.Connection':handleframe/3 in lib/bandit/websocket/connection.ex appends every incomi...
Allocation of Resources Without Limits or Throttling
Overview OpenTelemetry.Exporter.Zipkin is a Zipkin Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded growth of the remote endpoint cache derived from span attributes. An attacker can cause...
OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure
Summary The Zipkin exporter remote endpoint cache accepted unbounded key growth derived from span attributes. In high-cardinality scenarios, this could increase process memory usage over time and degrade availability. Details - Introduce a bounded, thread-safe LRU cache for remote endpoints. -...
GHSA-RP42-5VXX-QPWR basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()
Summary [email protected] is vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to Client.list, causing the client process to...
Allocation of Resources Without Limits or Throttling
Overview miraheze/ts-portal is a Portal for handling and managing the investigation lifecycle for Trust and Safety at the WikiTide Foundation Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the DPAAlreadyLive validation process. An...
GHSA-F346-8RP3-4H9H TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service
Summary A flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded...
CVE-2026-23378
In the Linux kernel, the following vulnerability has been resolved: net/sched: actife: Fix metalist update behavior Whenever an ife action replace changes the metalist, instead of replacing the old data on the metalist, the current ife code is appending the new metadata. Aside from being...
CVE-2026-27980
Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many...
Allocation of Resources Without Limits or Throttling
Overview next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of an upper bound on the disk cache used by the image optimization. An attacker can exhaust disk storage by generating a large number of...
SUSE CVE-2026-23139
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: update lastgc only when GC has been performed Currently lastgc is being updated everytime a new connection is tracked, that means that it is updated even if a GC wasn't performed. With a sufficiently high...