Lucene search
K

33 matches found

EUVD
EUVD
added 2026/06/23 12:31 p.m.7 views

EUVD-2026-38446

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decodeeach/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...

8.7CVSS5.9AI score0.00707EPSS
Exploits0References8
NVD
NVD
added 2026/05/12 8:16 p.m.30 views

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS0.01225EPSS
Exploits2References8
Ubuntu
Ubuntu
added 2026/05/12 2:53 p.m.17 views

USN-8270-1: Exim vulnerability

It was discovered that Exim incorrectly handled BDAT body parsing. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code...

6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.9 views

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References7
CVE
CVE
added 2026/04/10 4:3 p.m.11 views

CVE-2026-35665

OpenClaw CVE-2026-35665 details a Denial of Service via pre-auth body parsing in the Feishu webhook handler. The Feishu extension still uses permissive pre-auth limits (1 MB body, 30 s timeout) before signature verification, unlike other webhook handlers that were patched to 64 KB / 5 s. Attacker...

6.9CVSS5.8AI score0.00327EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/03 2:54 a.m.6 views

GHSA-P464-M8X6-VHV8 OpenClaw: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion

Summary MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion Current Maintainer Triage - Status: open - Normalized severity: medium - Assessment: v2026.3.28 still parses Teams JSON after only a Bearer-prefix gate and before real JWT validation, and the...

8.7CVSS5.9AI score0.00481EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.7 views

PT-2026-29846

Name of the Vulnerable Software and Affected Versions TP-Link Tapo C520WS version 2.6 Description A heap-based buffer overflow exists in the HTTP POST body parsing logic due to insufficient boundary validation and missing validation of remaining buffer capacity after dynamic allocation when...

7.1CVSS6.9AI score0.00259EPSS
Exploits0References10
OSV
OSV
added 2026/03/30 6:32 p.m.7 views

GHSA-W6M8-CQVJ-PG5V OpenClaw has incomplete Fix for CVE-2026-32011: Feishu Webhook Pre-Auth Body Parsing DoS (Slow-Body / Slowloris Variant)

Fixed in OpenClaw 2026.3.24, the current shipping release. Advisory Details Title: Incomplete Fix for CVE-2026-32011: Feishu Webhook Pre-Auth Body Parsing DoS Slow-Body / Slowloris Variant Description: Summary The patch for CVE-2026-32011 tightened pre-auth body parsing limits from 1MB/30s to...

6.9CVSS6AI score0.00327EPSS
Exploits1References5
OSV
OSV
added 2026/03/29 3:48 p.m.5 views

GHSA-3H52-CX59-C456 OpenClaw: Feishu webhook reads and parses unauthenticated request bodies before signature validation

Summary Feishu webhook reads and parses unauthenticated request bodies before signature validation Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details Feishu...

6.9CVSS5.9AI score0.00436EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/24 8:33 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview @astrojs/node is a Deploy your site to a Node.js server Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the /server-islands/name route handler, which buffers and parses the entire request body as JSON without enforcing a size...

8.7CVSS5.8AI score0.0037EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/19 10:6 p.m.2 views

CVE-2026-32011 OpenClaw < 2026.3.2 - Slow-Request Denial of Service via Pre-Auth Webhook Body Parsing

OpenClaw versions prior to 2026.3.2 contain a denial of service vulnerability in webhook handlers for BlueBubbles and Google Chat that parse request bodies before performing authentication and signature validation. Unauthenticated attackers can exploit this by sending slow or oversized request...

8.7CVSS5.8AI score0.00418EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.7 views

CVE-2023-25578

Starlite is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.5.2, the request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and ...

7.5CVSS6.8AI score0.01004EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/10 7:22 p.m.1 views

EUVD-2025-33748

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefo...

7.5CVSS6.3AI score0.00605EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/10/10 7:22 p.m.3 views

CVE-2025-61919 Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefo...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References4
RubySec
RubySec
added 2025/10/10 12:0 a.m.8 views

Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Summary Rack::RequestPOST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.readnil without enforcing a length or cap. Large request bodies can therefore be buffered completely into process memory before parsing, leading to denial of...

7.5CVSS6.5AI score0.00605EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2022-1032

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01386EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-46336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an Assertion 'opts & PARSERCLASSLITERALCTORPRESENT' failed at /parser/js/js-parser- expr.cparserparseclassbody in JerryScript 3.0.0. CVE-2021-46336 Not...

5.5CVSS5.7AI score0.00644EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:54 a.m.10 views

CVE-2024-22080

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing...

9.8CVSS7.2AI score0.00785EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:51 p.m.14 views

CVE-2020-27196

An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...

7.5CVSS6.8AI score0.01386EPSS
Exploits0
OSV
OSV
added 2024/09/10 3:54 p.m.35 views

CVE-2024-45590 body-parser vulnerable to denial of service when url encoding is enabled

body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...

7.5CVSS7.5AI score0.00824EPSS
Exploits1References4
Rows per page
Query Builder