11383 matches found
EUVD-2026-37747
undici WebSocket client vulnerable to denial of service via fragment count bypass...
CVE-2026-48141
NI grpc-device contains a memory leak in BeginSidebandStream that may lead to denial of service via memory exhaustion. Affected product: NI grpc-device 2.17.0 and earlier. The provided documents do not specify an available fix or remediation; no exploitation details are provided. Monitor for upda...
PT-2026-51011
Name of the Vulnerable Software and Affected Versions Grafana Tempo affected versions not specified Description A TraceQL query containing a large exemplars hint value can lead to excessive memory allocation within the Tempo instance. This condition may result in an out-of-memory crash, allowing ...
PT-2026-51014
Name of the Vulnerable Software and Affected Versions urllib3 version 2.6.3 Brotli version 1.2.0 Description A decompression bomb bypass exists in the streaming API preload content=False when Brotli support is used. This occurs because three independent code paths in response.py bypass the max...
Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service DoS by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...
CVE-2025-53114 CometD has acknowledgement extension out of memory
CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...
EUVD-2026-37906
HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...
CVE-2026-55204
HAProxy CVE-2026-55204 affects HAProxy up to version 3.4.0. It describes a null pointer dereference in the function hpack_dht_insert (in src/hpack-tbl.c) that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. Under memory pressure, HPACK dynamic table ins...
EUVD-2026-37904
Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that allows unbounded accumulation of in-memory flow state and daemon threads. Attackers can send repeated or concurrent requests to exhaust server memory and...
CVE-2026-55205
Hermes WebUI prior to 0.51.468 is affected by a resource-exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint. The issue allows unbounded accumulation of in-memory flow state and daemon threads, enabling repeated or concurrent requests to exhaust server memory...
EUVD-2026-37752
undici WebSocket client vulnerable to denial of service via cumulative fragment bypass...
CVE-2026-12151
A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...
PT-2026-50708
Name of the Vulnerable Software and Affected Versions HAProxy versions prior to 3.4.0 Description A null pointer dereference occurs in the hpack dht insert function within src/hpack-tbl.c because the return value of hpack dht defrag is not validated when the memory pool is exhausted. An attacker...
CVE-2026-9675
Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causin...
CVE-2026-12151
Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...
EUVD-2026-37765
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...
CVE-2026-47774
CVE-2026-47774 affects Envoy prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1. A vulnerability in HTTP/2 downstream request processing combines two issues: (1) cookie header bytes are not fully accounted for during request header size validation, and (2) HPACK header limits are enforced on e...
CVE-2026-9675 undici WebSocket client vulnerable to denial of service via cumulative fragment bypass
Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causin...
CVE-2026-9675
The CVE-2026-9675 issue affects the undici WebSocket client (new WebSocket(...)) where per-frame maxPayloadSize is enforced but the cumulative size of fragmented, uncompressed messages is not. A attacker-controlled WebSocket endpoint can stream many small fragments that pass per-frame validation ...
CVE-2026-12151 undici WebSocket client vulnerable to denial of service via fragment count bypass
Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...