
10 matches found

Github Security Blog
added 2026/06/15 8:39 p.m. | 8 views

Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

Summary: request.form accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An unauthenticated attacker can therefore send a urlencoded body with an...

7.5 CVSS | 5.5 AI score | 0.00275 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/06/12 12:0 a.m. | 12 views

PT-2026-48925

Summary: The HTTPDecoder in NIOHTTP1 enforces no limit on the total size of an HTTP/1 message's header block or on the number of header fields per message. A remote peer can submit an arbitrary number of small, valid headers in a single request and have them all accumulated into the resulting...

8.7 CVSS | 5.8 AI score | 0.00048 EPSS
Exploits: 0 | References: 3
SUSE CVE
added 2026/01/01 12:24 a.m. | 3 views

SUSE CVE-2025-50343

An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads and invalid memory frees during cleanup, potentially causing a...

9.8 CVSS | 7.1 AI score | 0.00343 EPSS
Exploits: 1 | References: 3
NVD
added 2025/08/19 5:15 p.m. | 6 views

CVE-2025-38557

In the Linux kernel, the following vulnerability has been resolved: HID: apple: validate feature-report field count to prevent NULL pointer dereference. A malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL pointer dereference whilst the power feature-report is toggled and sent ...

5.5 CVSS | 0.00145 EPSS
Exploits: 0 | References: 4
OSV
added 2025/08/19 5:15 p.m. | 2 views

UBUNTU-CVE-2025-38557

In the Linux kernel, the following vulnerability has been resolved: HID: apple: validate feature-report field count to prevent NULL pointer dereference. A malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL pointer dereference whilst the power feature-report is toggled and sent ...

5.5 CVSS | 5.7 AI score | 0.00145 EPSS
Exploits: 0 | References: 13
Cvelist
added 2025/08/19 5:2 p.m. | 11 views

CVE-2025-38557 HID: apple: validate feature-report field count to prevent NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: HID: apple: validate feature-report field count to prevent NULL pointer dereference. A malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL pointer dereference whilst the power feature-report is toggled and sent ...

0.00145 EPSS
Exploits: 0 | References: 4
CVE
added 2025/08/19 5:2 p.m. | 33 views

CVE-2025-38557

CVE-2025-38557: In the Linux kernel HID subsystem, a vulnerability affects the apple_backlight feature. A malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL pointer dereference when toggling the power feature-report if the HID descriptor declares only one field for the powe...

5.5 CVSS | 6.8 AI score | 0.00145 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2025/08/19 5:2 p.m. | 6 views

CVE-2025-38557 HID: apple: validate feature-report field count to prevent NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: HID: apple: validate feature-report field count to prevent NULL pointer dereference. A malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL pointer dereference whilst the power feature-report is toggled and sent ...

5.5 CVSS | 5.8 AI score | 0.00145 EPSS
Exploits: 0 | References: 7
Debian CVE
added 2025/08/19 5:2 p.m. | 7 views

CVE-2025-38557

In the Linux kernel, the following vulnerability has been resolved: HID: apple: validate feature-report field count to prevent NULL pointer dereference. A malicious HID device with quirk APPLE_MAGIC_BACKLIGHT can trigger a NULL pointer dereference whilst the power feature-report is toggled and sent ...

5.5 CVSS | 5.4 AI score | 0.00145 EPSS
Exploits: 0
CNNVD
added 2025/08/19 12:0 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unvalidated feature-report field count that could lead to a null pointer dereference...

5.5 CVSS | 6.4 AI score | 0.00145 EPSS
Exploits: 0 | References: 6