Lucene search
K

8 matches found

NVD
NVD
added 2026/06/29 8:17 p.m.6 views

CVE-2026-53426

Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.parsedocument/2 accepts a :json, json source. In lib/mdex.ex, the private jsontonode/1 function passes the attacker-controlled nodetype value to Module.concat/1, which calls...

8.2CVSS0.00126EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/09 9:59 p.m.13 views

PhoenixStorybook: Unbounded atom creation from LiveView event params (atom-table DoS)

Summary An attacker who can deliver psb-assign, psb-toggle, psb-set-theme, upper-tab-navigation, lower-tab-navigation, playground-change, or playground-toggle LiveView events to a mounted Phoenix Storybook playground can flood the BEAM atom table with attacker-controlled strings, permanently...

8.2CVSS5.5AI score0.00537EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/21 7:57 p.m.6 views

CVE-2026-8469

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenixstorybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.toatom/1 without...

8.2CVSS5.8AI score0.00537EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 2:17 p.m.17 views

CVE-2026-8469

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenixstorybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.toatom/1 without...

8.2CVSS0.00537EPSS
Exploits0References4
OSV
OSV
added 2026/05/20 1:35 p.m.6 views

EEF-CVE-2026-8469 Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook

Summary Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenixstorybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.toatom/1 witho...

8.2CVSS5.8AI score0.00537EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/20 1:35 p.m.43 views

CVE-2026-8469 Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook

Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenixstorybook allows unauthenticated denial-of-service via BEAM atom table exhaustion. Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.toatom/1 without...

8.2CVSS0.00537EPSS
Exploits0References4
NVD
NVD
added 2026/04/02 6:16 p.m.5 views

CVE-2026-34593

Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...

8.2CVSS0.00423EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/01 12:14 a.m.16 views

Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

Summary Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the referenced module exists. Because Erlang atoms are never garbage-collected and the BEAM atom table has ...

8.2CVSS6AI score0.00423EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder