CVE-2026-11946 GetEndpoints Memory Exhaustion in open62541
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...
CVE-2026-54712
The CVE pertains to OpenTelemetry Java Instrumentation. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but not the aggregate size of the strings, allowing an attacker who can reach an RMI endpoint on an instrumented JVM to send an ov...
CVE-2026-54283
A flaw was found in Starlette where the request.form method silently ignores configured resource limits max_fields and max_part_size when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number...
axios: Axios: Denial of Service due to unenforced request and response size limits
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or...
kernel: dlm: validate length in dlm_search_rsb_tree
A flaw was found in the Linux kernel's Distributed Lock Manager (dlm) module. An attacker could send specially crafted network messages with an oversized length parameter to the dlm_dump_rsb_name function. This lack of validation can lead to an out-of-bounds write in the dlm_search_rsb_tree function,...
CVE-2026-7829 UltraVNC repeater authenticated out-of-bounds write in rule parser via oversized token
UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpys copies a rule token into temp1rule1 25-byte destination or temp2/temp3 16-byte destination, the code unconditionally writes a N...
CVE-2026-7829
UltraVNC repeater (= destination size, the NUL byte is written past the end of the stack array, corrupting adjacent data and potentially enabling code execution on the repeater host. An attacker with admin credentials (including via CVE-2026-7839 default password) can trigger this. The provided d...
EUVD-2026-40880
UltraVNC repeater through 1.8.2.2 contains an integer overflow in the HTTP request logging path. In repeater/webgui/settings.c:336, the winlog function allocates list nodes via malloc(sizeof(struct LIST) + strlen(line)), where line is derived from HTTP request URIs. If strlen(line) is sufficiently large,...
rrdtool: rrdtool: Stack buffer overflow allows local code execution or denial of service
A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...
UBUNTU-CVE-2026-53917
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message...
CVE-2026-50734 Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All: Pre-authentication OpenWire memory-allocation DoS during wire format negotiation
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a maliciously large size value. The value is not validated and causes t...
CVE-2026-49839
A flaw was found in jq, a command-line JSON processor. This vulnerability allows an attacker to trigger a heap out-of-bounds write by providing a specially crafted, oversized file to the jq --rawfile option. This can lead to a denial of service (DoS), making the affected system or application...
Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend
...
netfilter: ip6t_hbh: reject oversized option lists
...
CVE-2026-57918
libnfs through 6.0.2 before 935b8db has an xid integer underflow in READIOVEC in rpc_read_from_socket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker...
CVE-2026-53209
A flaw was found in the Bluetooth subsystem of the Linux kernel, specifically within the hci_sync component. This vulnerability occurs when the hci_adv_bcast_annoucement function attempts to prepend Broadcast Announcement service data to an existing advertising payload that is already at its maximum...
BIT-GRAFANA-2026-42127 Grafana pre-auth DoS through arbitrarily large input to public dashboard query handler
The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily large JSON payloads. This can lead to denial of service through memory exhaustion. No valid dashboard access tok...
EUVD-2026-39572
Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...