43 matches found
CVE-2026-12549
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...
EUVD-2026-38279
The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...
EUVD-2026-33965
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...
CVE-2026-9137
The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...
CVE-2026-9137
The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...
CVE-2026-9137 CSP Report Endpoint Log Flooding in MISP via Incorrect Size Limit
The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...
EUVD-2026-31155
The CSP report endpoint intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion...
CVE-2026-9137
The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...
CVE-2026-9137
CVE-2026-9137 affects the CSP report endpoint in MISP. The endpoint intended to cap CSP report payloads at 1 KB was incorrectly allowing reports up to 1 MB before truncation, enabling potential log flooding and resource exhaustion on deployments where the endpoint is reachable by untrusted client...
CVE-2026-9137 CSP Report Endpoint Log Flooding in MISP via Incorrect Size Limit
The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...
MISP 资源管理错误漏洞
MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analyzing threats to network security and malware analysis. MISP has a resource management...
PT-2026-42248
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The CSP report endpoint incorrectly allowed reports up to 1 MB before truncation, despite being intended to limit logged CSP reports to 1 KB. When this endpoint ...
PT-2026-41779
Name of the Vulnerable Software and Affected Versions NiceGUI versions prior to 3.12.0 Description Two FastAPI routes used for serving per-component static assets accept a sub-path parameter that can resolve to a directory instead of a file. When a request resolves to a directory, it triggers an...
EUVD-2025-208344
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debugrnglists data. A logic error in the handling of the debugrnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an...
CVE-2025-58582 Uncontrolled Resource Consumption via log file
If a user tries to login but the provided credentials are incorrect a log is created. The data for this POST requests is not validated and it’s possible to send giant payloads which are then logged...
EUVD-2022-37742
Malicious code in bioql PyPI...
EUVD-2025-21186
Malicious code in bioql PyPI...
CVE-2025-53636
Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service DoS to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6...
CVE-2025-53636
Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service DoS to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6...
CVE-2025-53636 Open OnDemand Shell App closed websocket DoS
Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service DoS to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6...