CVE-2025-61726

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

CVE-2025-48053 Discourse vulnerable to DoS via large URL payload in PM to a bot

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance...

K23391972: cURL and libcurl vulnerability CVE-2016-8622

Security Advisory Description The URL percent-encoding decode function in libcurl before 7.51.0 is called curleasyunescape. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable...

Alt-N MDaemon 2.8.5 - WebConfig Overflow Denial of Service

Alt-N MDaemon 2.8.5 - WebConfig Overflow Denial of Service source: https://www.securityfocus.com/bid/820/info The Mdaemon mail server for Windows includes a small web server for web-based remote administration. This webserver is vulnerable due to an unchecked buffer that handles incoming GET...