20 matches found

Snyk
added 2026/05/08 8:44 p.m. · 7 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling excessively large HTTP request bodies. A malicious pod on the same cluster can exhaust system memory and trigger an OOM condition. Remediation: Upgrade...

7.4 CVSS · 5.8 AI score · 0.00173 EPSS
Exploits 0 · References 2
OSV
added 2026/05/08 8:44 p.m. · 8 views

GHSA-8WXP-XXP2-RCGX Volcano's webhook server vulnerable to OOM due to unbounded HTTP request body size

Impact: The Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook...

6.8 CVSS · 5.8 AI score · 0.00173 EPSS
Exploits 0 · References 3
CNNVD
added 2026/04/09 12:00 a.m. · 9 views

PraisonAI Security Vulnerability

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the WSGI server not setting an upper limit when reading HTTP request bodies and disabling...

7.5 CVSS · 5.8 AI score · 0.00334 EPSS
Exploits 1 · References 2
Github Security Blog
added 2026/04/07 3:30 p.m. · 8 views

Django: ASGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit

An issue was discovered in Django 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATA_UPLOAD_MAX_MEMORY_SIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5 CVSS · 5.9 AI score · 0.00769 EPSS
Exploits 0 · References 6 · Affected Software 1
SUSE CVE
added 2026/04/06 11:25 p.m. · 5 views

SUSE CVE-2026-26061

Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive...

8.7 CVSS · 5.8 AI score · 0.00434 EPSS
Exploits 0 · References 3
OSV
added 2026/03/27 6:23 p.m. · 5 views

CVE-2026-26061 Fleet's unbounded request body read allows remote Denial of Service

Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive...

8.7 CVSS · 5.9 AI score · 0.00434 EPSS
Exploits 0 · References 3
Vulnrichment
added 2026/03/27 6:23 p.m. · 4 views

CVE-2026-26061 Fleet's unbounded request body read allows remote Denial of Service

Fleet is open source device management software. Prior to 4.81.0, Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive...

8.7 CVSS · 5.9 AI score · 0.00434 EPSS
Exploits 0 · References 1
OSV
added 2025/12/12 7:40 a.m. · 6 views

CVE-2025-67731 Servify Express does not enforce rate limiting when parsing JSON

Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performanc...

8.7 CVSS · 6.6 AI score · 0.00346 EPSS
Exploits 0 · References 5
Snyk
added 2025/08/29 3:38 p.m. · 2 views

Allocation of Resources Without Limits or Throttling

Overview: github.com/rancher/rancher/pkg/settings is a complete container management platform. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the request body processing. An attacker can cause the server to crash or become unresponsive b...

8.8 CVSS · 7 AI score · 0.00482 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/08/21 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-26044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a...

5.3 CVSS · 5.5 AI score · 0.0068 EPSS
Exploits 0 · References 2
Veracode
added 2025/01/07 7:14 a.m. · 10 views

Denial Of Service (DoS)

github.com/clidey/whodb is vulnerable to Denial of Service (DoS). The vulnerability is due to the server reading the entire request body into memory without size limits, which allows an attacker to send large request bodies to the server, leading to memory exhaustion and potentially resulting in a...

7 AI score
Exploits 0
OSV
added 2023/05/17 5:24 p.m. · 226 views

CVE-2023-26044 ReactPHP's HTTP server continues parsing unused multipart parts after reaching limits

react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impa...

5.3 CVSS · 5.2 AI score · 0.0068 EPSS
Exploits 0 · References 4
CNNVD
added 2023/05/17 12:00 a.m. · 5 views

ReactPHP HTTP Resource Management Error Vulnerability

ReactPHP HTTP is an event-driven, streaming HTTP client and server implementation from the ReactPHP open source project. A resource management error vulnerability exists in ReactPHP HTTP versions 0.8.0 through 1.9.0, which can lead to high CPU loads when processing large...

5.3 CVSS · 5.6 AI score · 0.0068 EPSS
Exploits 0 · References 2
RedhatCVE
added 2023/04/04 9:36 p.m. · 33 views

CVE-2023-27492

A flaw was found in Envoy. This issue may allow attackers to send large request bodies for routes that have the Lua filter enabled, which will trigger a crash...

4.8 CVSS · 7 AI score · 0.00686 EPSS
Exploits 1 · References 3
Positive Technologies
added 2022/07/11 12:00 a.m. · 7 views

PT-2022-20509 · Kubeedge · Kubeedge

Name of the Vulnerable Software and Affected Versions: KubeEdge versions prior to 1.11.1; KubeEdge versions prior to 1.10.2; KubeEdge versions prior to 1.9.4. Description: KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge...

6.5 CVSS · 7 AI score · 0.00702 EPSS
Exploits 0 · References 7
ATTACKERKB
added 2022/05/01 3:19 p.m. · 6 views

CVE-2022-21230

This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to ...

5.5 CVSS · 6 AI score · 0.00289 EPSS
Exploits 0 · References 5