Lucene search
K

17 matches found

CVE
CVE
added 3 days ago10 views

CVE-2026-55434

The CVE affects Coder’s AI Bridge provider endpoints (v2.33.x and v2.34.x) where handlers read request bodies with io.ReadAll without a max size. An authenticated user could send oversized bodies, causing memory exhaustion and a denial of service that crashes the control plane. Patches are availa...

6.5CVSS6AI score0.00552EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/01 8:56 p.m.2 views

GHSA-28PQ-6QXG-WG5R Mailpit: Sibling-endpoint memory-exhaustion DoS via unbounded JSON body on /api/v1/messages, /api/v1/tags, and /api/v1/message/{id}/release (incomplete fix of GHSA-fpxj-m5q8-fphw)

Summary The fix for GHSA-fpxj-m5q8-fphw CVE-2026-45710, "Mailpit: Set a default 50MB p/m limit to prevent DoS via unlimited SMTP DATA and /api/v1/send body sizes" wrapped only POST /api/v1/send with http.MaxBytesReader. The four other Mailpit JSON-body API endpoints PUT /api/v1/messages...

5.3CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 8:56 p.m.33 views

CVE-2026-44247 Volcano: Webhook server vulnerable to OOM due to unbounded HTTP request body size

Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially...

6.8CVSS0.00173EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:56 p.m.10 views

CVE-2026-44247 Volcano: Webhook server vulnerable to OOM due to unbounded HTTP request body size

Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially...

6.8CVSS5.8AI score0.00173EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 12:36 p.m.9 views

CLSA-2026-1779366970 tomcat6: Fix of CVE-2026-41284

CVE-2026-41284: tomcat6: WebDAV LOCK/PROPFIND unbounded request body DoS...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/08 8:44 p.m.12 views

Volcano's webhook server vulnerable to OOM due to unbounded HTTP request body size

Impact The Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook...

7.4CVSS5.8AI score0.00173EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

Mattermost Plugins 安全漏洞

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions of Mattermost Plugins 2.3.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

Mattermost Plugins 安全漏洞

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and web/dashboard applications. Versions of Mattermost Plugins 2.1.3.0 and earlier contain security vulnerabilities. These vulnerabilities stem from ...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/27 6:17 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of request body size limits in unauthenticated HTTP endpoints. An attacker can exhaust server memory and cause process restarts by sending large or repeated HTTP...

8.7CVSS5.9AI score0.00434EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.7 views

CVE-2026-30955

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.6 views

SUSE CVE-2026-30955

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.15 views

SUSE CVE-2026-31866

flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP /ofrep/v1/evaluate/... and gRPC evaluation.v1, evaluation.v2 endpoints for feature flag evaluation. These endpoints are designed to be publicly accessible by client applications. The evaluation context...

7.5CVSS7AI score0.0042EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/13 7:7 p.m.30 views

CVE-2026-30955 Gokapi vulnerable to DoS in E2E Metadata Parser

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. This vulnerability is...

6.5CVSS0.00248EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/13 6:56 p.m.8 views

Gokapi vulnerable to DoS in E2E Metadata Parser

Summary An API endpoint accepts unbounded request bodies without any size limit. An authenticated user can cause an OOM kill and complete service disruption for all users. Impact Any authenticated user can crash the Gokapi server by sending concurrent large payloads...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.8 views

PT-2026-25357

Name of the Vulnerable Software and Affected Versions Gokapi versions prior to 2.2.4 Description Gokapi is a self-hosted file sharing server that supports automatic expiration and encryption. An API endpoint is susceptible to accepting request bodies of unlimited size. An authenticated user can...

9.9CVSS7.1AI score0.22162EPSS
Exploits70References136
RedhatCVE
RedhatCVE
added 2025/02/06 12:48 a.m.5 views

CVE-2022-3212

::fromrequest would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large or infinite body your server might run out of memory and crash. This also applies to these extractors which used Bytes::fromrequest internally:...

7.5CVSS6.7AI score0.0082EPSS
Exploits1References1
Snyk
Snyk
added 2024/11/20 9:38 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview litestar is a Litestar - A production-ready, highly performant, extensible ASGI API Framework Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of size limits or size checks when reading the request body into memory v...

8.2CVSS6.9AI score0.00756EPSS
Exploits1References2
Rows per page
Query Builder