Lucene search
K

102 matches found

AlpineLinux
AlpineLinux
added 4 days ago4 views

CVE-2026-33382

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS6.1AI score0.0038EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-55207

Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.30.1 Description An unauthenticated remote attacker can cause a memory-exhaustion Denial of Service DoS by sending large JSON bodies to specific API endpoints. This occurs because the software fails to limit the...

5.3CVSS6AI score
Exploits0References4
Veracode
Veracode
added 2026/06/17 6:10 p.m.9 views

Improper Input Validation

hono is vulnerable to Improper Input Validation. The vulnerability is due to trusting the client-supplied Content-Length header instead of validating the actual request body size, which allows an attacker to bypass configured body size limits by declaring a smaller content length while sending a...

6.5CVSS5.3AI score0.00103EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/16 2:32 p.m.7 views

GHSA-RV63-4MWF-QQC2 hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Summary The Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is delivered fully buffered and the adapter builds the request with the client-declared...

6.5CVSS5.4AI score0.00103EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 8:19 p.m.8 views

GHSA-MGF9-4VPG-HJ56 tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate There has always been a limit for the total compressed size. This allows a malicious server to consume effectively unlimited amounts of...

7.5CVSS5.4AI score0.00052EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.13 views

CVE-2026-5308

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS5.5AI score0.00254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/30 2:12 a.m.12 views

CVE-2026-44247

Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially...

7.4CVSS5.8AI score0.00173EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:56 p.m.11 views

CVE-2026-44247

Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially...

6.8CVSS5.8AI score0.00173EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/26 1:30 p.m.3 views

GHSA-JMVR-R5HM-FXFR Mattermost doesn't enforce request body size limits on plugin HTTP endpoints

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References4
Debian
Debian
added 2026/05/22 8:18 p.m.17 views

[SECURITY] [DSA 6291-1] haproxy security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6291-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq -...

5.8CVSS5.8AI score0.00297EPSS
Exploits1
NVD
NVD
added 2026/05/22 11:16 a.m.10 views

CVE-2026-5308

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS0.00254EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 10:20 a.m.12 views

CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

4.9CVSS5.8AI score0.00254EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:20 a.m.9 views

CVE-2026-5308

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/22 10:20 a.m.12 views

EUVD-2026-31425

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 10:20 a.m.36 views

CVE-2026-5308

CVE-2026-5308 affects Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, and 10.11.x

7.5CVSS5.8AI score0.00254EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.13 views

PT-2026-42749

Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description Failure to enforce request body size limits on plugin HTTP endpoints allows an attacker to cause a denial of service by sendi...

7.8CVSS5.8AI score0.00254EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.11 views

Mattermost doesn't limit the size of the request body on the start meeting API endpoint

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References4Affected Software2
EUVD
EUVD
added 2026/05/18 6:51 a.m.19 views

EUVD-2026-30737

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.19 views

PT-2026-41639

Name of the Vulnerable Software and Affected Versions Mattermost versions 11.5.0 through 11.5.1 Mattermost versions 10.11.0 through 10.11.13 Mattermost versions 11.4.0 through 11.4.3 Description An authenticated attacker can cause resource exhaustion or denial of service by sending a crafted...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.8 views

PT-2026-38278

Name of the Vulnerable Software and Affected Versions python-multipart versions prior to 0.0.27 Description A denial of service issue exists in the multipart part header parsing of the MultipartParser when processing multipart/form-data. The parser lacked limits on the number of part headers and...

7.5CVSS5.8AI score0.00549EPSS
Exploits0References189
Rows per page
Query Builder