36011 matches found
Allocation of Resources Without Limits or Throttling
Overview phoenix is a The official JavaScript client for the Phoenix web framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Elixir.Phoenix.Transports.LongPoll POST requests handling with Content-Type: application/x-ndjson. A...
CVE-2026-32689
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...
EEF-CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix
Summary Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type:...
CVE-2026-32689
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...
CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...
CVE-2026-32689
CVE-2026-32689 affects Phoenix (Elixir) LongPoll transport: in Elixir.Phoenix.Transports.LongPoll publish/4, a POST with Content-Type: application/x-ndjson is split by newline without a limit, turning a small payload into enormous lists of empty binaries and a second large list via Enum.map, caus...
CVE-2026-22745
A flaw was found in Spring MVC and Spring WebFlux applications. When an application is configured to serve static resources from the file system on a Windows platform, a remote attacker can send specially crafted requests that are slow to resolve. This can keep HTTP connections in use, leading to...
CVE-2026-30246
Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...
EUVD-2026-27313
Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...
CVE-2026-30246 github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters
Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...
CVE-2026-30246
Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...
EUVD-2023-60566
Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...
osint-automation-engine
🛡️ OSINT Framework V6.1 !Bashhttps://img.shields.io/badge...
CVE-2023-54345
Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...
dotnet: .NET: Denial of Service via Infinite Recursion in XmlDecryptionTransform
A flaw was found in .NET. A remote attacker could exploit this vulnerability by crafting a malicious XML document that triggers an infinite recursion within the XmlDecryptionTransform component. This could lead to a Denial of Service DoS, making the affected system unresponsive...
CVE-2023-54345 Frappe Framework ERPNext 13.4.0 Remote Code Execution
Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...
Automation-Exploit-Legacy
Automation-Exploit Legacy Prototype This repository contain...
Redefining AI Red Teaming in the Agentic Era: From Weeks to Hours
AI systems are entering critical domains like healthcare, finance, and defense, yet remain vulnerable to adversarial attacks. While AI red teaming is a primary defense, current approaches force operators into manual, library-specific workflows. Operators spend weeks hand-crafting workflows -...
phoenix 安全漏洞
Phoenix is a web development framework developed under the Phoenix framework open source project. Versions of Phoenix from 1.7.0 to 1.7.22, as well as 1.8.6, have security vulnerabilities. These vulnerabilities stem from the unlimited resource allocation during the processing of NDJSON data...
This Week in Spring - May 5th, 2026
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 5th, 2026, and I'm in Mainz, Germany, for the legendary JAX conference! It's been infinitely far too long since I've been at this amazing show, and I'm oh-so happy to be back here! Tonight, after my two talks here, I...