CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file

A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted .solv file containing negative size values in the repoaddsolv function. This leads to an undersized memory allocation and a subsequent out-of-bounds write. An attacker could...

GHSA-FPXJ-M5Q8-FPHW Mailpit: Unauthenticated remote memory-exhaustion DoS via unlimited SMTP DATA and /api/v1/send body sizes

Summary The Mailpit SMTP server has a Server.MaxSize int field that controls the maximum allowed DATA payload size, but the field is never assigned anywhere outside test code, leaving it at Go's zero value 0 ⇒ "no limit". The same applies to the HTTP /api/v1/send endpoint, whose request body is...

Allocation of Resources Without Limits or Throttling

Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttli...

CVE-2025-61641 API list=allpages with maxsize is making really slow queries

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

CVE-2025-61641 API list=allpages with maxsize is making really slow queries

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

CVE-2025-61641

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

PT-2025-42560

Name of the Vulnerable Software and Affected Versions mediawiki affected versions not specified Description The issue involves disabling the 'maxsize' parameter within the 'QueryAllPages' function when operating in 'miser' mode. This could potentially lead to unexpected behavior or resource...

SUSE CVE-2007-1890

Integer overflow in the msgreceive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff...

GitLab: Clientside resource Exhausting by exploiting gitlab math rendering

Summary based on the documentation gitlab markdown is supporting math expresion rendering using KaTex and able to run subset syntax from LaTex this could be achieved by using 2 ways in the markdown for inline and for multiline. F476662 Steps to reproduce Step-by-step guide to reproduce the issue,...

CVE-2007-1890

Integer overflow in the msgreceive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff...

PHP Msg_Receive()内存分配整数溢出漏洞

BUGTRAQ ID: 23236 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP的msgreceive函数实现上存在整数溢出漏洞，本地攻击者可能利用此漏洞提升自己的权限。 PHP的msgreceive函数没有对maxsize参数执行任何检查便直接在内存分配中使用，导致整数溢出。有漏洞的代码如下： PHPFUNCTIONmsgreceive ... if zendparseparametersZENDNUMARGS TSRMLSCC, "rlzlz|blz", &queue, &desiredmsgtype, &outmsgtype,...