
1518 matches found

OSV
• added 2025/10/10 7:22 p.m. • 3 views

CVE-2025-61919 Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, Rack::Request#POST reads the entire request body into memory for Content-Type: application/x-www-form-urlencoded, calling rack.input.read(nil) without enforcing a length or cap. Large request bodies can therefo...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00591
Exploits: 0 | References: 6

Snyk
• added 2025/10/10 5:33 p.m. • 5 views

Allocation of Resources Without Limits or Throttling

Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a singl...

CVSS: 8.7 | AI score: 7 | EPSS: 0.00591
Exploits: 0 | References: 2

CNNVD
• added 2025/10/10 12:0 a.m. • 2 views

Rack Resource Management Error Vulnerability

Rack is a modular Ruby web server interface open-sourced by Rack. A resource management error vulnerability exists in Rack versions prior to 2.2.20, 3.1.18, and 3.2.3, which stems from Rack::Request POST not limiting the size of the request body when processing the application/x-www-form-urlencod...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00591
Exploits: 0 | References: 4

Vulnrichment
• added 2025/10/09 3:0 p.m. • 2 views

CVE-2025-32916 Sensitive form data in URL query parameters

Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions 2.4.0p13, 2.3.0p38, 2.2.0p46, and 2.1.0 EOL may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs...

CVSS: 1 | AI score: 6.2 | EPSS: 0.00175
Exploits: 0 | References: 1

EUVD
• added 2025/10/09 3:0 p.m. • 6 views

EUVD-2025-33351

Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions 2.4.0p13, 2.3.0p38, 2.2.0p46, and 2.1.0 EOL may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as browser history or web server logs...

CVSS: 1 | AI score: 6 | EPSS: 0.00175
Exploits: 0 | References: 2

IBM Security Bulletins
• added 2025/10/07 7:37 p.m. • 4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in form-data package

Summary: IBM Watson Discovery Cartridge contains a vulnerable version of form-data. Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files...

CVSS: 9.4 | AI score: 6.6 | EPSS: 0.01735
Exploits: 1 | Affected Software: 1

OSV
• added 2025/10/07 3:16 p.m. • 2 views

DEBIAN-CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields (parts without a filename) entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request (hundreds of megabytes or...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00528
Exploits: 0 | References: 1

Cvelist
• added 2025/10/07 2:30 p.m. • 6 views

CVE-2025-61770 Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...

CVSS: 7.5 | EPSS: 0.00868
Exploits: 0 | References: 4

IBM Security Bulletins
• added 2025/10/07 7:41 a.m. • 7 views

Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to multiple CVEs

Summary: IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to CVE-2025-36097, CVE-2025-7783, CVE-2025-25193, CVE-2025-47278, CVE-2025-23184, CVE-2025-22872 and CVE-2024-56339...

CVSS: 9.4 | AI score: 6.6 | EPSS: 0.01941
Exploits: 1 | Affected Software: 1

EUVD
• added 2025/10/07 12:30 a.m. • 8 views

EUVD-2017-9035

Malware in sbrugna...

CVSS: 9 | AI score: 8.8 | EPSS: 0.27575
Exploits: 2 | References: 4

EUVD
• added 2025/10/07 12:30 a.m. • 4 views

EUVD-2017-12088

Malware in sbrugna...

CVSS: 5.5 | AI score: 7.3 | EPSS: 0.06869
Exploits: 0 | References: 4

EUVD
• added 2025/10/07 12:30 a.m. • 4 views

EUVD-2012-3366

Malware in sbrugna...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.01583
Exploits: 0 | References: 6

EUVD
• added 2025/10/07 12:30 a.m. • 8 views

EUVD-2012-6594

Malware in sbrugna...

CVSS: 9.3 | AI score: 6.4 | EPSS: 0.01064
Exploits: 0 | References: 7

EUVD
• added 2025/10/07 12:30 a.m. • 6 views

EUVD-2017-6662

Malware in sbrugna...

CVSS: 4.3 | AI score: 4.8 | EPSS: 0.00973
Exploits: 0 | References: 5

EUVD
• added 2025/10/07 12:30 a.m. • 5 views

EUVD-2018-8090

Malware in sbrugna...

CVSS: 7.2 | AI score: 7 | EPSS: 0.02155
Exploits: 1 | References: 2

EUVD
• added 2025/10/07 12:30 a.m. • 7 views

EUVD-2018-0171

Malware in sbrugna...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01386
Exploits: 0 | References: 5

EUVD
• added 2025/10/07 12:30 a.m. • 5 views

EUVD-2003-1270

Malware in sbrugna...

CVSS: 5 | AI score: 6.4 | EPSS: 0.0164
Exploits: 0 | References: 4

Positive Technologies
• added 2025/10/07 12:0 a.m. • 6 views

PT-2025-41012

Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.19; Rack versions prior to 3.1.17; Rack versions prior to 3.2.2. Description: Rack is a modular Ruby web server interface. The Rack::Multipart::Parser component does not limit the size of the multipart preamble,...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00868
Exploits: 0 | References: 19

RubySec
• added 2025/10/07 12:0 a.m. • 7 views

Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

Summary: Rack::Multipart::Parser buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00868
Exploits: 0 | References: 1 | Affected Software: 1

IBM Security Bulletins
• added 2025/10/06 7:16 a.m. • 3 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses form-data-4.0.1.tgz and form-data-4.0.3.tgz which are vulnerable to this CVE-2024-6345

Summary: Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses form-data-4.0.1.tgz and form-data-4.0.3.tgz which are vulnerable to this CVE-2024-6345. Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...

CVSS: 9.4 | AI score: 6.8 | EPSS: 0.01939
Exploits: 1 | Affected Software: 1