CVE-2026-10725 Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb

Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...

CVE-2021-30141

Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid...

PT-2025-48535

Name of the Vulnerable Software and Affected Versions python3.9 python3.11 python3.13 Description When reading an HTTP response from a server, if no read amount is specified, the default behavior is to use Content-Length. This allows a malicious server to cause the client to read large amounts of...