CVE-2026-44432

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

CVE-2024-39895

Directus is a real-time API and App dashboard for managing SQL database content. A denial of service DoS attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single...

GO-2025-4155 Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

EUVD-2019-16241

Malware in sbrugna...

CVE-2025-48038 Unverified File Handles can Cause Excessive Use of System Resources

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh sshsftp modules allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4...

CVE-2019-6661

When the BIG-IP APM 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.4.1, or 11.5.1-11.6.5 system processes certain requests, the APD/APMD daemon may consume excessive resources...

CVE-2024-10935

automatic1111/stable-diffusion-webui version 1.10.0 contains a vulnerability where the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary,...

SUSE CVE-2024-10846

The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...

USN-7067-1: HAProxy vulnerability

It was discovered that HAProxy did not properly limit the creation of new HTTP/2 streams. A remote attacker could possibly use this issue to cause HAProxy to consume excessive resources, leading to a denial of service...

Ubuntu 18.04 LTS : HAProxy vulnerability (USN-7067-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7067-1 advisory. It was discovered that HAProxy did not properly limit the creation of new HTTP/2 streams. A remote attacker could possibly use this issue to cause HAProxy to...

GHSA-7HMH-PFRP-VCX4 Directus GraphQL Field Duplication Denial of Service (DoS)

Summary A denial of service DoS attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and...

Mattermost Denial of Service Vulnerability (CNVD-2023-9448711)

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from an inability to limit the log size of server logs, which can be exploited by an attacker to consume excessive resources and cau...

Denial Of Service (DoS)

org.eclipse.parsson:parsson is vulnerable to Denial of Service DoS. An attacker is able to exploit this vulnerability by sending a specially crafted JSON document with large numbers, which would cause the parser to consume excessive resources leading to a Denial of Service...

Denial Of Service (DoS)

Mattermost is vulnerable to Denial of Service DoS. The vulnerability is due to the /api/v4/users/ids endpoint which lacks a duplicate id check. This allows an attacker to send a request with multiple identical IDs which can consume excessive resources...

CVE-2023-5333

Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs...

CVE-2023-5333

Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs...

K000134748: Kubernetes vulnerabilities CVE-2019-1002100, CVE-2019-11254, CVE-2017-1002101, and CVE-2017-1002102

Security Advisory Description CVE-2019-1002100 In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" e.g. kubectl patch --type json or "Content-Type:...

K41415626: Transparent DNS Cache can consume excessive resources

Security Advisory Description When transparent Domain Name System DNS cache is configured on a virtual server, undisclosed Extension Mechanisms for DNS EDNS0 queries can cause the BIG-IP system to send a large volume of User Datagram Protocol UDP traffic on the server side. Note : The DNS cache...

NewStart CGSL CORE 5.05 / MAIN 5.05 : spamassassin Vulnerability (NS-SA-2021-0159)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has spamassassin packages installed that are affected by a vulnerability: - In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the...