
63 matches found

EUVD
added 3 days ago · 6 views

EUVD-2026-40303

fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode using repeated string concatenation, resulting in quadratic time complexity O(n²). A crafted POST request with many small segments can trigger excessive...

CVSS 5.7 · AI score 5.7 · EPSS 0.00138
Exploits 0 · References 3
Cvelist
added 3 days ago · 32 views

CVE-2026-53433 Denial of Service in fzf

fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode using repeated string concatenation, resulting in quadratic time complexity O(n²). A crafted POST request with many small segments can trigger excessive...

CVSS 5.7 · EPSS 0.00111
Exploits 0 · References 3
CNNVD
added 2026/06/04 12:0 a.m. · 6 views

netty-incubator-codec-ohttp security vulnerability

netty-incubator-codec-ohttp is an application developed by the Netty community. Versions prior to 0.0.22.Final of netty-incubator-codec-ohttp contain security vulnerabilities. These vulnerabilities stem from the codec-ohttp implementation, which does not verify whether a final block with a...

CVSS 8.7 · AI score 5.3 · EPSS 0.00167
Exploits 0 · References 1
ATTACKERKB
added 2026/05/14 4:48 p.m. · 7 views

CVE-2026-44516

Valtimo is an open-source business process automation platform. From 12.4.0 to 12.33.0 and 13.26.0, the LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers...

CVSS 7.6 · AI score 5.8 · EPSS 0.002
Exploits 0 · References 2 · Affected Software 2
Vulnrichment
added 2026/04/21 5:56 p.m. · 4 views

CVE-2026-40608 Next AI Draw.io: Unbounded HTTP Body — Denial of Service

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (/api/state, /api/restore, and /api/history-svg) that process incoming requests by accumulating the entire request body into a...

CVSS 6.2 · AI score 5.8 · EPSS 0.00146
Exploits 1 · References 2
Vulnrichment
added 2025/12/02 10:13 p.m. · 4 views

CVE-2025-55181

Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually...

CVSS 5.3 · AI score 6.4 · EPSS 0.00256
Exploits 0 · References 2
NVD
added 2025/11/26 11:15 p.m. · 4 views

CVE-2025-64331

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the...

CVSS 7.5 · EPSS 0.00278
Exploits 0 · References 1
OSV
added 2025/11/26 11:15 p.m. · 4 views

DEBIAN-CVE-2025-64331

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the...

CVSS 7.5 · AI score 5.3 · EPSS 0.00278
Exploits 0 · References 1
Debian CVE
added 2025/11/26 11:0 p.m. · 5 views

CVE-2025-64331

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the...

CVSS 7.5 · AI score 5.3 · EPSS 0.00278
Exploits 0
AlpineLinux
added 2025/11/26 11:0 p.m. · 3 views

CVE-2025-64331

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the...

CVSS 7.5 · AI score 7 · EPSS 0.00278
Exploits 0
EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2023-1722

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.5 · EPSS 0.00732
Exploits 0 · References 5
RedhatCVE
added 2025/05/23 6:19 a.m. · 8 views

CVE-2024-51242

A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipulation of the HTTP Body ip parameter leads to SSRF...

CVSS 6.5 · AI score 7 · EPSS 0.0042
Exploits 1 · References 1
RedhatCVE
added 2025/05/23 1:19 a.m. · 11 views

CVE-2022-3252

Improper detection of complete HTTP body decompression. SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was...

CVSS 7.5 · AI score 7.1 · EPSS 0.00732
Exploits 0 · References 1
NVD
added 2024/10/30 9:15 p.m. · 10 views

CVE-2024-51242

A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipulation of the HTTP Body ip parameter leads to SSRF...

CVSS 6.5 · EPSS 0.0042
Exploits 1 · References 1
OSV
added 2024/10/30 9:15 p.m. · 6 views

CVE-2024-51242

A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipulation of the HTTP Body ip parameter leads to SSRF...

CVSS 6.5 · AI score 7.2
Exploits 0 · References 1
Positive Technologies
added 2024/10/30 12:0 a.m. · 6 views

PT-2024-34570 · Eladmin · Eladmin

Name of the Vulnerable Software and Affected Versions: eladmin versions 2.7 and earlier
Description: A Server-Side Request Forgery (SSRF) issue has been identified. The manipulation of the HTTP Body ip parameter leads to SSRF. This occurs in the ServerDeployController.java file.
Recommendations: Fo...

CVSS 6.5 · AI score 6.3 · EPSS 0.0042
Exploits 1 · References 6
Cvelist
added 2024/10/30 12:0 a.m. · 15 views

CVE-2024-51242

A Server-Side Request Forgery (SSRF) vulnerability has been identified in eladmin 2.7 and earlier in ServerDeployController.java. The manipulation of the HTTP Body ip parameter leads to SSRF...

EPSS 0.0042
Exploits 1 · References 1
OSV
added 2024/06/15 12:0 a.m. · 8 views

OPENSUSE-SU-2024:10492-1 perl-HTTP-Body-1.22-1.4 on GA media

These are all security issues fixed in the perl-HTTP-Body-1.22-1.4 package on the GA media of openSUSE Tumbleweed...

CVSS 6.8 · AI score 6.2 · EPSS 0.02877
Exploits 0 · References 1
OpenVAS
added 2024/04/15 12:0 a.m. · 18 views

Mageia: Security Advisory (MGASA-2024-0127)

The remote host is missing an update for the...

CVSS 6.8 · AI score 6.7 · EPSS 0.02877
Exploits 0 · References 4
Mageia
added 2024/04/13 4:56 p.m. · 37 views

Updated perl-HTTP-Body packages fix security vulnerability

HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module for Perl uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume...

CVSS 6.8 · AI score 7 · EPSS 0.02877
Exploits 0 · References 2