251 matches found
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check
Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check
Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...
Axios is vulnerable to DoS attack through lack of data size check
Summary When Axios runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory Buffer/Blob and returns a synthetic 200 response. This path ignores maxContentLength / maxBodyLength which only protect HTTP...
PT-2025-37272
Name of the Vulnerable Software and Affected Versions Axios versions prior to 1.11.0 Description Axios, a promise-based HTTP client for browsers and Node.js, is susceptible to a denial-of-service DoS attack when running on Node.js and processing URLs with the data: scheme. The Node http adapter...
Linux Distros Unpatched Vulnerability : CVE-2020-1918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In-memory file operations ie: using fopen on a data URI did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory...
Linux Distros Unpatched Vulnerability : CVE-2023-6601
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded...
Linux Distros Unpatched Vulnerability : CVE-2022-23518
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions = 1.0.3, = 2.1.0. This issue is patched in version 1.4.4...
Linux Distros Unpatched Vulnerability : CVE-2025-32051
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a...
SUSE-SU-2025:20446-1 Security update for libsoup
This update for libsoup fixes the following issues: - CVE-2025-2784: Fixed Heap buffer over-read in skipinsignificantspace when sniffing content bsc1240750 - CVE-2025-32050:Fixed Integer overflow in appendparamquoted bsc1240752 - CVE-2025-32051:Fixed Segmentation fault when parsing malformed data...
The vulnerability of the soup_uri_decode_data_uri() function in the GNOME graphical interface library libsoup allows a attacker to cause a service failure.
The vulnerability of the soupuridecodedatauri function in the libsoup library, a GNOME graphical interface library, is related to insufficient checking of exceptional states. Exploiting this vulnerability could allow an attacker to cause a service failure by sending a specially crafted POST reque...
CVE-2021-24559
The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...
Security update for libsoup
This update for libsoup fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI...
CVE-2025-32051
A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...
CVE-2025-32051
A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...
AZL-59526 CVE-2025-32051 affecting package libsoup for versions less than 3.0.4-6
A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...
UBUNTU-CVE-2025-32051
A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...
CVE-2025-32051 Libsoup: segmentation fault when parsing malformed data uri
A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...
CVE-2025-32051 Libsoup: segmentation fault when parsing malformed data uri
A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...
CVE-2025-32051
A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...
CVE-2025-32051
Libsoup contains a vulnerability CVE-2025-32051 where soup_uri_decode_data_uri() may crash while processing malformed data URIs, leading to a DoS. Connected advisories (SUSE/SUSE-SU-2025 series, Mageia MGASA-2025-0261, and Diz/ Nessus references) confirm this CVE among multiple libsoup issues and...