Lucene search
+L

53 matches found

NVD
NVD
added 2026/07/10 12:17 p.m.7 views

CVE-2026-56814

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS0.00579EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/10 11:14 a.m.38 views

CVE-2026-56814 Plug: multipart :length limit is not charged for part headers, enabling unbounded temp-file creation (denial of service)

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS0.00579EPSS
Exploits0References9
OSV
OSV
added 2026/07/10 11:14 a.m.3 views

CVE-2026-56814 Plug: multipart :length limit is not charged for part headers, enabling unbounded temp-file creation (denial of service)

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References14
OSV
OSV
added 2026/07/06 5:47 a.m.5 views

BIT-ACTIVEMQ-2026-53916 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS6.1AI score0.00796EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:16 a.m.9 views

CVE-2026-53916

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS0.00796EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 a.m.6 views

UBUNTU-CVE-2026-53916

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS5.9AI score0.00796EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 12:49 a.m.10 views

CVE-2026-12681

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 12:49 a.m.19 views

EUVD-2026-38641

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score0.00191EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 4:41 p.m.8 views

GHSA-W4C6-7R69-W7J9 klever-go: REST API slow-header connection exhaustion via Gin Engine.Run

Summary The Klever seednode REST API starts a Gin engine with Engine.RunrestAPIInterface. In Gin v1.9.1, Engine.Run calls Go's default http.ListenAndServe, which constructs an HTTP server without application-level ReadHeaderTimeout, ReadTimeout, or MaxHeaderBytes limits. An unauthenticated client...

7.5CVSS5.6AI score0.0005EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.12 views

PT-2026-48347

Name of the Vulnerable Software and Affected Versions klever-go versions 1.7.14 through 1.7.17 Description The REST API in the seednode and node components is susceptible to a denial of service attack. This occurs because the application uses the Gin framework's Engine.Run function, which relies ...

7.5CVSS5.9AI score0.0005EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2025/12/18 8:32 p.m.3 views

CVE-2025-62000

BullWall Ransomware Containment may not always detect an encrypted file. This issue affects a specific file inspection method that evaluates file content based on header bytes. An authenticated attacker could encrypt files, preserving the first four bytes and preventing this particular method fro...

7.1CVSS5.6AI score0.00204EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/12/27 2:54 p.m.8 views

CLSA-2024-1735311253 squid: Fix of CVE-2023-5824

CVE-2023-5824: do not send serialized HTTP response header bytes in storeClientCopy answers. Ignore serialized header size when calling storeClientCopy...

7.5CVSS7.1AI score0.05229EPSS
Exploits0References1
Amazon
Amazon
added 2024/10/02 12:0 a.m.10 views

Medium: amazon-ssm-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

9.8CVSS6.8AI score0.91969EPSS
Exploits1
Amazon
Amazon
added 2024/05/30 12:0 a.m.8 views

Medium: amazon-cloudwatch-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

7.5CVSS6.9AI score0.91969EPSS
Exploits1
OSV
OSV
added 2024/04/04 9:15 p.m.10 views

DEBIAN-CVE-2023-45288

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.9AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 9:15 p.m.9 views

AZL-39022 CVE-2023-45288 affecting package ig for versions less than 0.29.0-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 9:15 p.m.10 views

AZL-38284 CVE-2023-45288 affecting package kured for versions less than 1.15.0-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 9:15 p.m.16 views

AZL-39487 CVE-2023-45288 affecting package cri-tools for versions less than 1.29.0-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 9:15 p.m.9 views

AZL-39202 CVE-2023-45288 affecting package packer for versions less than 1.10.1-2

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.91969EPSS
Exploits1References1
OSV
OSV
added 2024/04/04 9:15 p.m.17 views

AZL-39235 CVE-2023-45288 affecting package kubernetes for versions less than 1.28.4-7

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS7AI score0.91969EPSS
Exploits1References1
Rows per page
Query Builder