2 matches found
PT-2026-40786
Name of the Vulnerable Software and Affected Versions: Grafana affected versions not specified
Description: A request to the plugin resources endpoint can cause unbounded memory allocation because the entire request body is read into memory. An authenticated user can exploit this to trigger an...
GHSA-V7XQ-3WX6-FQC2
In monetr, unauthenticated Stripe webhook reads attacker-sized request bodies before signature validation
Summary: The public Stripe webhook endpoint fully reads the request body into memory before validating the Stripe signature. A remote unauthenticated attacker can send oversized POST bodies and cause substantial memory growth, leading to denial of service.
Details: When Stripe webhooks are enabled,...