102 matches found
CVE-2026-33382
Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...
PT-2026-55207
Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.30.1 Description An unauthenticated remote attacker can cause a memory-exhaustion Denial of Service DoS by sending large JSON bodies to specific API endpoints. This occurs because the software fails to limit the...
Improper Input Validation
hono is vulnerable to Improper Input Validation. The vulnerability is due to trusting the client-supplied Content-Length header instead of validating the actual request body size, which allows an attacker to bypass configured body size limits by declaring a smaller content length while sending a...
GHSA-RV63-4MWF-QQC2 hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`
Summary The Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is delivered fully buffered and the adapter builds the request with the client-declared...
GHSA-MGF9-4VPG-HJ56 tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)
Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate There has always been a limit for the total compressed size. This allows a malicious server to consume effectively unlimited amounts of...
CVE-2026-5308
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...
CVE-2026-44247
Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially...
CVE-2026-44247
Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially...
GHSA-JMVR-R5HM-FXFR Mattermost doesn't enforce request body size limits on plugin HTTP endpoints
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...
[SECURITY] [DSA 6291-1] haproxy security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6291-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq -...
CVE-2026-5308
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...
CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...
CVE-2026-5308
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...
EUVD-2026-31425
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...
CVE-2026-5308
CVE-2026-5308 affects Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, and 10.11.x
PT-2026-42749
Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description Failure to enforce request body size limits on plugin HTTP endpoints allows an attacker to cause a denial of service by sendi...
Mattermost doesn't limit the size of the request body on the start meeting API endpoint
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...
EUVD-2026-30737
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...
PT-2026-41639
Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 Description An authenticated attacker can cause resource exhaustion or denial of service by sending a crafted...
PT-2026-38278
Name of the Vulnerable Software and Affected Versions python-multipart versions prior to 0.0.27 Description A denial of service issue exists in the multipart part header parsing of the MultipartParser when processing multipart/form-data. The parser lacked limits on the number of part headers and...