Lucene search
+L

251 matches found

Vulnrichment
Vulnrichment
added 2025/09/12 1:16 a.m.2 views

CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check

Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...

7.5CVSS5.6AI score0.0106EPSS
Exploits1References8
Cvelist
Cvelist
added 2025/09/12 1:16 a.m.42 views

CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check

Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...

7.5CVSS0.0106EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2025/09/11 9:7 p.m.26 views

Axios is vulnerable to DoS attack through lack of data size check

Summary When Axios runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory Buffer/Blob and returns a synthetic 200 response. This path ignores maxContentLength / maxBodyLength which only protect HTTP...

7.5CVSS7.4AI score0.0106EPSS
Exploits1References10Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.5 views

PT-2025-37272

Name of the Vulnerable Software and Affected Versions Axios versions prior to 1.11.0 Description Axios, a promise-based HTTP client for browsers and Node.js, is susceptible to a denial-of-service DoS attack when running on Node.js and processing URLs with the data: scheme. The Node http adapter...

7.5CVSS6.3AI score0.0106EPSS
Exploits1References31
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-1918

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In-memory file operations ie: using fopen on a data URI did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory...

7.5CVSS7.4AI score0.01218EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-6601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded...

4.7CVSS5.9AI score0.00397EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-23518

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions = 1.0.3, = 2.1.0. This issue is patched in version 1.4.4...

6.1CVSS6.6AI score0.00867EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-32051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a...

5.9CVSS7AI score0.00519EPSS
Exploits0References2
OSV
OSV
added 2025/06/25 8:16 a.m.5 views

SUSE-SU-2025:20446-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-2784: Fixed Heap buffer over-read in skipinsignificantspace when sniffing content bsc1240750 - CVE-2025-32050:Fixed Integer overflow in appendparamquoted bsc1240752 - CVE-2025-32051:Fixed Segmentation fault when parsing malformed data...

9CVSS6.1AI score0.00916EPSS
Exploits1References33
BDU FSTEC
BDU FSTEC
added 2025/06/20 12:0 a.m.6 views

The vulnerability of the soup_uri_decode_data_uri() function in the GNOME graphical interface library libsoup allows a attacker to cause a service failure.

The vulnerability of the soupuridecodedatauri function in the libsoup library, a GNOME graphical interface library, is related to insufficient checking of exceptional states. Exploiting this vulnerability could allow an attacker to cause a service failure by sending a specially crafted POST reque...

5.9CVSS6.2AI score0.00519EPSS
Exploits0References9Affected Software5
RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.5 views

CVE-2021-24559

The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce...

5.4CVSS6.2AI score0.00218EPSS
Exploits2References1
SUSE Linux
SUSE Linux
added 2025/05/07 12:6 p.m.4 views

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-2784: Fixed heap buffer over-read in skipinsignificantspace when sniffing conten bsc1240750 CVE-2025-32050: Fixed integer overflow in appendparamquoted bsc1240752 CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI...

8.8CVSS7.6AI score0.00916EPSS
Exploits1References64
ATTACKERKB
ATTACKERKB
added 2025/04/03 2:15 p.m.6 views

CVE-2025-32051

A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...

5.9CVSS6.2AI score0.00519EPSS
Exploits0References4
NVD
NVD
added 2025/04/03 2:15 p.m.10 views

CVE-2025-32051

A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...

5.9CVSS0.00519EPSS
Exploits0References3
OSV
OSV
added 2025/04/03 2:15 p.m.6 views

AZL-59526 CVE-2025-32051 affecting package libsoup for versions less than 3.0.4-6

A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...

5.9CVSS5.7AI score0.00519EPSS
Exploits0References1
OSV
OSV
added 2025/04/03 2:15 p.m.5 views

UBUNTU-CVE-2025-32051

A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...

5.9CVSS6.2AI score0.00519EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/03 1:36 p.m.14 views

CVE-2025-32051 Libsoup: segmentation fault when parsing malformed data uri

A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...

5.9CVSS6.8AI score0.00519EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/04/03 1:36 p.m.29 views

CVE-2025-32051 Libsoup: segmentation fault when parsing malformed data uri

A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...

5.9CVSS0.00519EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/04/03 1:36 p.m.11 views

CVE-2025-32051

A flaw was found in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS...

5.9CVSS5.7AI score0.00519EPSS
Exploits0
CVE
CVE
added 2025/04/03 1:36 p.m.104 views

CVE-2025-32051

Libsoup contains a vulnerability CVE-2025-32051 where soup_uri_decode_data_uri() may crash while processing malformed data URIs, leading to a DoS. Connected advisories (SUSE/SUSE-SU-2025 series, Mageia MGASA-2025-0261, and Diz/ Nessus references) confirm this CVE among multiple libsoup issues and...

5.9CVSS6.8AI score0.00519EPSS
Exploits0References3
Rows per page
Query Builder