Lucene search
K

122 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-12590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an...

5.9CVSS6.1AI score0.0025EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-12590

A flaw was found in body-parser. When the parser is configured with an invalid limit option, such as an unparseable string or a non-numeric value, the request body size check is bypassed. This allows a remote attacker to send arbitrarily large payloads, consuming excessive memory and CPU resource...

5.9CVSS5.9AI score0.0025EPSS
Exploits0References5
NVD
NVD
added 5 days ago9 views

CVE-2026-12590

Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as thei...

5.9CVSS0.0025EPSS
Exploits0References2
CVE
CVE
added 5 days ago9 views

CVE-2026-12590

The Red Hat and CVE records confirm a vulnerability in body-parser: when the parser is configured with an invalid limit option (e.g., unparseable string or NaN), the request body size check is silently bypassed, enabling potential DoS through unbounded payloads. Affected versions are body-parser ...

5.9CVSS6AI score0.0025EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-12590

Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as thei...

3.7CVSS6AI score0.0025EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 5 days ago13 views

EUVD-2026-42577

Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as thei...

3.7CVSS6AI score0.0025EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-12590 body-parser vulnerable to denial of service when invalid limit value silently disables size enforcement

Impact: In body-parser versions prior to 1.20.6 1.x line and 2.3.0 2.x line, when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as thei...

3.7CVSS0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56769

Name of the Vulnerable Software and Affected Versions body-parser versions prior to 1.20.6 body-parser versions prior to 2.3.0 Description When the parser is configured with an invalid limit option value, such as an unparseable string or NaN Not-a-Number, the request body size check is silently...

5.9CVSS6.1AI score0.0025EPSS
Exploits0References8
OSV
OSV
added 2026/07/02 11:13 a.m.9 views

ROOT-APP-NPM-CVE-2024-45590 CVE-2024-45590 in @rootio/body-parser - Patched by Root

Root has patched CVE-2024-45590 in the @rootio/body-parser package for Root:npm. Multiple fixed versions available...

7.5CVSS7.6AI score0.00824EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 10:13 p.m.25 views

Security Bulletin: Multiple vulnerabilities in Open Source affect IBM Cloud Pak System

Summary Multiple vulnerabilities in Open Source affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input...

9.8CVSS6.8AI score0.01017EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 5:25 p.m.7 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2025-13466

Summary body-parser is used by the IBM Datapower Operations Dashboard as part of their network implementation Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of...

6.9CVSS5.5AI score0.0035EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/05 4:36 p.m.10 views

ROOT-APP-NPM-CVE-2025-13466 CVE-2025-13466 in @rootio/body-parser - Patched by Root

Root has patched CVE-2025-13466 in the @rootio/body-parser package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.0035EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in node-body-parser

body-parser is a Node.js body parsing middleware. body-parser version 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue has...

7.5CVSS7AI score0.00824EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 3:20 p.m.7 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service due to body-parser

Summary The affected package is used in the UI Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands o...

6.9CVSS5.9AI score0.0035EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 9:13 a.m.6 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to CVE-2025-13466 in body-parser

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to CVE-2025-13466 in body-parser. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of...

6.9CVSS5.8AI score0.0035EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 4:17 p.m.7 views

Security Bulletin: A vulnerability in the body-parser package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the body-parser 2.2.0 package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5 and earlier. Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies...

6.9CVSS6AI score0.0035EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/25 4:10 p.m.7 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in body-parser (CVE-2025-13466) and qs (CVE-2025-15284, CVE-2026-2391)

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in body-parser CVE-2025-13466 and qs CVE-2025-15284, CVE-2026-2391. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability...

7.5CVSS5.7AI score0.00478EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/24 7:20 p.m.9 views

Security Bulletin: Vulnerabilities in body-parser-2.2.0.tgz affecting MongoDB Enterprised Advanced (CVE-2025-13466)

Summary There is a vulnerability in body-parser-2.2.0.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-13466. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient...

6.9CVSS5.5AI score0.0035EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2026/02/12 5:20 a.m.7 views

org.webjars.npm:body-parser (>=1.20.0 <=1.20.3), org.webjars.npm:express (=4.18.1) +1 more potentially affected by CVE-2026-2391 via org.webjars.npm:qs (>=6.10.3 <=6.13.0)

org.webjars.npm:qs MAVEN version =6.10.3, =1.20.0, =8.4.7, =9.0.0-next.2 Source cves: CVE-2026-2391 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15268417...

7.5CVSS7AI score0.00478EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/02/06 7:53 p.m.11 views

AdonisJS vulnerable to Denial of Service (DoS) via Unrestricted Memory Buffering in PartHandler during File Type Detection

Summary A Denial of Service DoS vulnerability CWE-400 exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in memory while attempting to detect file types, potentially leading to excessiv...

7.5CVSS5.8AI score0.00491EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder