437 matches found
qs: qs: Denial of Service via improper input validation in array parsing
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation e.g., a=value. This bypasses the arrayLimit option, which is designed to limit the size of...
CVE-2026-57942
LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...
CVE-2026-57942 LibreTranslate - IP Spoofing via X-Forwarded-For Header
LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...
EUVD-2026-40160
LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...
GHSA-WPHV-VFRH-23Q5 joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization
RFC7797 b64=false JWS payloads bypass JWSRegistry payload-size limits during deserialization Summary Testing revealed that joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength. The normal JWS compact and flattened JSON paths reject payloads above...
CVE-2026-46553
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NCATTACHMENTFIELDSIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...
CVE-2026-56324
Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channelself endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled deviceid parameter. Attackers can send multiple requests per second by changing deviceid values to flood the channeldevice...
CVE-2026-56324
Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channelself endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled deviceid parameter. Attackers can send multiple requests per second by changing deviceid values to flood the channeldevice...
CVE-2026-56324 Capgo - Rate Limit Bypass via User-Controlled device_id Parameter
Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channelself endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled deviceid parameter. Attackers can send multiple requests per second by changing deviceid values to flood the channeldevice...
EUVD-2026-38374
Capgo before 12.128.2 contains a rate limit bypass vulnerability in the channelself endpoint that allows attackers to circumvent rate limiting by rotating the user-controlled deviceid parameter. Attackers can send multiple requests per second by changing deviceid values to flood the channeldevice...
CVE-2026-54288
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...
CVE-2026-54288
The CVE-2026-54288 issue affects the Hono Web framework prior to version 4.12.25, where the Body Limit Middleware trusts the request Content-Length header. On AWS Lambda environments (API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge), the body is fully buffered and the adapter builds the requ...
PT-2026-51412
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A rate limit bypass exists in the 'channel self' endpoint. Attackers can circumvent rate limiting by rotating the user-controlled device id parameter, enabling them to send multiple requests per...
CVE-2026-44645
LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the renderLimit option can be fully bypassed by a % for % or % tablerow % tag whose body is empty. The renderLimit option is documented in docs/source/tutorials/dos.md as the...
CVE-2026-45357
LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart, leading to memory and render limit...
CVE-2026-44645
CVE-2026-44645 affects LiquidJS up to version 10.25.7, where the renderLimit DoS guard can be bypassed by an empty {% for %} or {% tablerow %} body. The per-iteration time check only runs when the body contains at least one template node, so templates like {% for i in (1..N) %}{% endfor %} bypass...
CVE-2026-44645 LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body
LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the renderLimit option can be fully bypassed by a % for % or % tablerow % tag whose body is empty. The renderLimit option is documented in docs/source/tutorials/dos.md as the...
NPM: hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`
NPM: hono: Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...
GHSA-G3CQ-J2XW-WF74 aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup
Summary During cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. Impact An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS a zip bomb edge case. Workaround...
GHSA-6PH5-FWW6-VFWV NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length
Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...