CVE-2026-44247 Volcano: Webhook server vulnerable to OOM due to unbounded HTTP request body size

Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially...

CVE-2026-40481

In monetr, versions 1.12.3 and earlier expose a denial-of-service risk where the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. An unauthenticated remote attacker can send oversized POST payloads to trigger uncontrolled memory gr...