55 matches found

Vulnrichment
added 2026/06/15 2:6 p.m. · 7 views

CVE-2026-8683 Overly long URLs crash the Mattermost Desktop App

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

CVSS 6.5 · AI score 5.3 · EPSS 0.00199
Exploits 0 · References 1

CVE
added 2026/06/15 2:6 p.m. · 11 views

CVE-2026-8683

Mattermost Desktop App

CVSS 6.5 · AI score 5.2 · EPSS 0.00199
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2026/06/15 12:0 a.m. · 7 views

PT-2026-49243

Name of the Vulnerable Software and Affected Versions: Mattermost Desktop App versions prior to 6.1; Mattermost Desktop App version 5.5.13.0. Description: The application fails to properly handle attempts to open extremely long URLs. A malicious server owner can cause the application to crash by...

CVSS 6.5 · AI score 5.9 · EPSS 0.00199
Exploits 0 · References 4

RedhatCVE
added 2026/01/07 9:27 a.m. · 20 views

CVE-2019-12159

GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function when called from getRequestType via a long URL...

CVSS 7.5 · AI score 7.1 · EPSS 0.01336
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-4907

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.01448
Exploits 0 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2009-3673

Malware in sbrugna...

CVSS 5 · AI score 6 · EPSS 0.03829
Exploits 0 · References 15

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2009-5119

Malware in sbrugna...

CVSS 8.6 · AI score 6.4 · EPSS 0.00847
Exploits 0 · References 7

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-12733

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.4 · EPSS 0.00172
Exploits 0 · References 3

NVD
added 2025/08/30 2:15 p.m. · 2 views

CVE-2010-10016

BS.Player version 2.57 build 1051 contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded i...

CVSS 10 · EPSS 0.00698
Exploits 0 · References 5

Vulnrichment
added 2025/08/30 1:47 p.m. · 3 views

CVE-2009-20008 Green Dam 3.17 URL Processing Buffer Overflow

Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fixed-size buffer. A remote attacker can...

CVSS 8.6 · AI score 6.4 · EPSS 0.00847
Exploits 0 · References 6

ATTACKERKB
added 2025/08/30 1:44 p.m. · 4 views

CVE-2010-10016

BS.Player version 2.57 build 1051 contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw occurs during parsing of long URLs embedded i...

CVSS 10 · AI score 6 · EPSS 0.00698
Exploits 0 · References 4

CVE
added 2025/08/30 1:44 p.m. · 13 views

CVE-2010-10016

BS.Player 2.57 (build 1051) has a buffer overflow in playlist import when parsing .m3u files due to improper validation of entry lengths. The flaw affects Unicode parsing on the Windows client and can overwrite SEH records when processing long URLs embedded in a crafted playlist, as described acr...

CVSS 10 · AI score 6.8 · EPSS 0.00698
Exploits 0 · References 5

Positive Technologies
added 2025/08/30 12:0 a.m. · 3 views

PT-2025-35368

Name of the Vulnerable Software and Affected Versions: BS.Player version 2.57 build 1051 Description: BS.Player version 2.57 build 1051 contains a flaw in its playlist import functionality. When processing .m3u files, the application does not properly validate the length of playlist entries,...

CVSS 10 · AI score 6.7 · EPSS 0.00698
Exploits 0 · References 7

RedhatCVE
added 2025/05/21 6:5 p.m. · 7 views

CVE-1999-0281

Denial of service in IIS using long URLs...

CVSS 5 · AI score 7 · EPSS 0.12592
Exploits 0 · References 1

OSV
added 2025/04/30 5:15 p.m. · 1 view

CVE-2025-3859

Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability affects Focus 138...

CVSS 6.1 · AI score 5.8 · EPSS 0.00172
Exploits 0 · References 2

Cvelist
added 2025/04/30 4:30 p.m. · 22 views

CVE-2025-3859 Firefox Focus elide URL allows address bar spoofing

Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138...

EPSS 0.00172
Exploits 0 · References 2

RedHat Linux
added 2024/10/31 8:0 p.m. · 3 views

firefox: thunderbird: Origin of permission prompt could be spoofed by long URL

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Truncation of a long URL could have allowed origin spoofing in a permission prompt...

CVSS 7.5 · AI score 7.3 · EPSS 0.00545
Exploits 0 · References 9

OSV
added 2024/03/06 11:0 a.m. · 19 views

BIT-ENVOY-2020-12605

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs...

CVSS 7.5 · AI score 7.5 · EPSS 0.01448
Exploits 0 · References 3

Positive Technologies
added 2023/12/31 12:0 a.m. · 4 views

PT-2023-12621 · Unknown · Cetic-6Lbr

Name of the Vulnerable Software and Affected Versions: CETIC-6LBR aka 6lbr version 1.5.0 Description: The issue is a strcat stack-based buffer overflow that occurs when a request for a long URL is made over a 6LoWPAN network. This can be exploited via the httpd.c file in the...

CVSS 7.5 · AI score 7.7 · EPSS 0.00659
Exploits 1 · References 7

Snyk
added 2023/03/30 10:58 p.m. · 3 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when echoing the request URL as an X-Up-Location response header. By making a request with exceedingly long URLs (paths or query string), an attacker can cause unpoly-rails to write an exceedingly large response heade...

CVSS 7.5 · AI score 7.1 · EPSS 0.01034
Exploits 0 · References 2