Lucene search
K

4 matches found

Amazon
Amazon
added 2026/04/01 12:0 a.m.5 views

Important: nodejs24

Issue Overview: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted:...

9.8CVSS7AI score0.0115EPSS
Exploits0
Cvelist
Cvelist
added 2025/10/22 9:31 p.m.15 views

CVE-2025-62706 Authlib : JWE zip=DEF decompression bomb enables DoS

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

6.5CVSS0.00418EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/04/25 2:12 p.m.3 views

SUSE CVE-2010-0205

The pngdecompresschunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of...

4.3CVSS6.8AI score0.04208EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.5 views

PT-2025-12367

Name of the Vulnerable Software and Affected Versions Redlib versions prior to 0.36.0 Description A denial-of-service condition can be triggered by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore preferences form, leading to excessive memory consumption a...

8.7CVSS5.4AI score0.00534EPSS
Exploits0References16
Rows per page
Query Builder