Lucene search
K

5 matches found

NVD
NVD
added 2026/06/19 7:16 p.m.7 views

CVE-2026-9375

urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API preloadcontent=False when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the maxlength protection introduced in version 2.6.0 to mitigate CVE-2025-66471...

7.5CVSS0.00304EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51014

Name of the Vulnerable Software and Affected Versions urllib3 version 2.6.3 Brotli version 1.2.0 Description A decompression bomb bypass exists in the streaming API preload content=False when Brotli support is used. This occurs because three independent code paths in response.py bypass the max...

7.5CVSS7.4AI score0.00304EPSS
Exploits0References15
CVE
CVE
added 2026/03/06 8:42 p.m.17 views

CVE-2026-29795

CVE-2026-29795 affects the stellar-xdr crate (StringM::from_str bypasses the max length validation). Affected: versions prior to 25.0.1. Root cause: input strings longer than MAX are accepted, producing StringM with violated length invariant. Impact: potential propagation through serialization/va...

7.5CVSS5.8AI score0.00193EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/06 8:42 p.m.24 views

CVE-2026-29795 stellar-xdr: `StringM::from_str` bypasses max length validation

stellar-xdr is a library and CLI containing types and functionality for working with Stellar XDR. Prior to version 25.0.1, StringM::fromstr does not validate that the input length is within the declared maximum MAX. Calling StringM::::fromstrs where s is longer than N bytes succeeds and returns a...

4CVSS0.00193EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/05 12:0 a.m.16 views

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse versions prior to 2.8.14 stable, 2.9.0.beta16 beta and tests-passed. An attacker can exploit this vulnerability to create posts...

6.5CVSS6.4AI score0.00575EPSS
Exploits0References3
Rows per page
Query Builder