Lucene search
+L

24 matches found

ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.21 views

PT-2026-46302

Name of the Vulnerable Software and Affected Versions Axios versions 1.7.0 through 1.15.x Description Axios fails to enforce configured request and response size limits when using the fetch adapter. This occurs when applications explicitly set adapter: 'fetch', use a configuration where fetch is...

7.5CVSS5.5AI score0.0063EPSS
Exploits1References39
snyk
snyk
added 2026/05/22 1:44 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing request body size limits on plugin HTTP endpoints. An attacker can exhaust system resources by sending crafted oversized HTTP requests. Remediation Upgrade...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References2
osv
osv
added 2026/04/10 4:3 p.m.3 views

CVE-2026-35665 OpenClaw < 2026.3.24 - Denial of Service via Feishu Webhook Pre-Auth Body Parsing

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources by sending...

6.9CVSS6AI score0.00327EPSS
Exploits1References4
snyk
snyk
added 2026/03/27 6:17 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of request body size limits in unauthenticated HTTP endpoints. An attacker can exhaust server memory and cause process restarts by sending large or repeated HTTP...

8.7CVSS5.9AI score0.00434EPSS
Exploits0References2
snyk
snyk
added 2026/03/27 6:17 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of request body size limits in unauthenticated HTTP endpoints. An attacker can exhaust server memory and cause process restarts by sending large or repeated HTTP...

8.7CVSS5.9AI score0.00434EPSS
Exploits0References2
osv
osv
added 2026/03/27 6:17 p.m.4 views

GHSA-99HJ-44VG-HFCP Fleet's unbounded request body read allows remote Denial of Service

Summary Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive memory allocation and resulting in a denial-of-service DoS...

8.7CVSS5.9AI score0.00434EPSS
Exploits0References3
susecve
susecve
added 2026/01/28 12:25 a.m.7 views

SUSE CVE-2026-22260

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

7.5CVSS5.9AI score0.00494EPSS
Exploits0References3
nvd
nvd
added 2026/01/27 6:15 p.m.11 views

CVE-2026-22260

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

7.5CVSS0.00494EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2026/01/27 6:15 p.m.5 views

CVE-2026-22260

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

7.5CVSS5.9AI score0.00494EPSS
Exploits0References5
cvelist
cvelist
added 2026/01/27 5:30 p.m.36 views

CVE-2026-22260 Suricata http1: infinite recursion in decompression

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

7.5CVSS0.00494EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/01/27 5:30 p.m.3 views

CVE-2026-22260

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

7.5CVSS5.9AI score0.00494EPSS
Exploits0References3
cve
cve
added 2026/01/27 5:30 p.m.62 views

CVE-2026-22260

CVE-2026-22260 affects Suricata

7.5CVSS5.9AI score0.00494EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/01/27 5:30 p.m.8 views

CVE-2026-22260 Suricata http1: infinite recursion in decompression

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

7.5CVSS5.9AI score0.00494EPSS
Exploits0References5
osv
osv
added 2025/11/26 11:15 p.m.5 views

DEBIAN-CVE-2025-64331

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the...

7.5CVSS5.3AI score0.00284EPSS
Exploits0References1
osv
osv
added 2025/11/26 11:15 p.m.5 views

UBUNTU-CVE-2025-64331

Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/11/26 12:0 a.m.5 views

PT-2025-48204

Name of the Vulnerable Software and Affected Versions Suricata versions prior to 7.0.13 Suricata versions prior to 8.0.2 Description Suricata is a network IDS, IPS and NSM engine. A stack overflow can occur during large HTTP file transfers if the HTTP response body limit is increased and logging ...

7.5CVSS6.8AI score0.00284EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/10/10 7:22 p.m.3 views

CVE-2025-61919 Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefo...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References4
veracode
veracode
added 2025/09/26 8:25 a.m.7 views

Denial Of Service (DoS)

github.com/rancher/rancher is vulnerable to Denial of Service DoS. The vulnerability is due to the lack of enforced request body size limits on certain public and authenticated API endpoints, which allows an attacker to send excessively large payloads that are fully loaded into memory during...

8.2CVSS6.9AI score0.00482EPSS
Exploits0References11Affected Software1
cvelist
cvelist
added 2025/05/06 12:45 a.m.46 views

CVE-2025-46728 cpp-httplib has Unbounded Memory Allocation in Chunked/No-Length Requests

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

7.5CVSS0.00603EPSS
Exploits1References2
cvelist
cvelist
added 2025/03/11 12:0 a.m.29 views

CVE-2025-27911

An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion if saved to...

6.5CVSS0.00403EPSS
Exploits0References2
Rows per page
Query Builder