Lucene search
K

308 matches found

EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42876

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS6.1AI score0.00146EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42867

SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...

2.1CVSS6.3AI score0.00163EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago18 views

EUVD-2026-34012

Tesla vulnerable to multipart part smuggling via unescaped content-disposition values...

2.1CVSS5.9AI score0.00143EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago18 views

EUVD-2026-34015

Tesla has decompression bomb on response body...

8.2CVSS5.9AI score0.00329EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago12 views

EUVD-2026-34016

Tesla has CRLF injection in request Content-Type header via addcontenttypeparam...

2.1CVSS5.9AI score0.0017EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago14 views

EUVD-2026-33940

mint: Unbounded CONTINUATION/HEADERS frame accumulation CONTINUATION flood...

8.2CVSS5.9AI score0.00384EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago12 views

EUVD-2026-33941

mint: Content-Length header accepts non-RFC "+" sign prefix...

6.3CVSS5.9AI score0.00301EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/06 9:17 a.m.31 views

CVE-2026-56810 mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS0.00344EPSS
Exploits0References4
CVE
CVE
added 2026/07/06 9:17 a.m.12 views

CVE-2026-56810

CVE-2026-56810 affects mint: a memory-denial vulnerability in Mint.HTTP1.decode_body/5 where chunked HTTP response bodies are buffered in an unbounded data_buffer until the entire declared chunk length completes. The chunk size is parsed with no upper bound, enabling a remote attacker to send an ...

8.7CVSS6AI score0.00344EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 9:17 a.m.2 views

CVE-2026-56810 mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS6AI score0.00344EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/06 9:3 a.m.31 views

CVE-2026-58226 Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS0.00438EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/06 9:3 a.m.5 views

EUVD-2026-41861

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS6.1AI score0.00438EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:3 a.m.6 views

CVE-2026-58226

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS6.1AI score0.00438EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/06 9:3 a.m.6 views

CVE-2026-58226 Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS6.1AI score0.00438EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/02 1:50 p.m.6 views

CVE-2026-48853

A flaw was found in the grpc component of elixir-grpc. This vulnerability allows unauthenticated attackers to send specially crafted messages, leading to two critical outcomes. First, it can cause a Denial of Service DoS by crashing the Erlang virtual machine BEAM node. Second, under certain...

9.8CVSS7.5AI score0.00573EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/30 6:32 p.m.18 views

EUVD-2026-31974

obanweb: Unbounded range expansion in cron describe causes memory exhaustion...

5.9CVSS5.8AI score0.00341EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 7:10 p.m.26 views

CVE-2026-54889 Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS0.0031EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 7:10 p.m.15 views

CVE-2026-54889

Summary: CVE-2026-54889 security issue in Elixir.MDEx.mdex Delta conversion path allows XSS via unsanitized URL schemes in Quill Delta output. The vulnerability arises when Elixir.MDEx.DeltaConverter.default_convert_node/3 copies the URL from link, wikilink, or image nodes into the Delta attribut...

5.1CVSS5.7AI score0.0031EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 7:10 p.m.26 views

CVE-2026-54888 Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex

Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document struct and Comrak's internal AST using two mutually recursive Rust functions, exdocumenttocomrakast and comrakasttoexdocument, in the NI...

6.9CVSS0.00168EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53687

Name of the Vulnerable Software and Affected Versions leandrocp mdex versions 0.8.3 through 0.13.1 Description Improper neutralization of input during web page generation allows cross-site scripting XSS via unsanitized URL schemes in Quill Delta output. The function to delta/2 converts Markdown...

5.1CVSS5.9AI score0.0031EPSS
Exploits0References7
Rows per page
Query Builder