Lucene search

4 matches found

Github Security Blog
added 2026/05/19 7:23 p.m., 13 views

Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`

Summary: Bandit's HTTP/1 chunked-body reader silently drops the request size cap that the application configures (e.g. Plug.Parsers' default 8 MB `length:`) and buffers the entire body in memory before the application sees it. An unauthenticated attacker can crash any Bandit-fronted Phoenix/Plug app...

8.7 CVSS, 5.8 AI score, 0.01413 EPSS
Exploits: 1, References: 6, Affected Software: 1
Cvelist
added 2025/08/29 9:2 p.m., 7 views

CVE-2025-9677 Modo Legend of the Phoenix com.duige.hzw.multilingual AndroidManifest.xml improper export of android application components

A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs t...

5.3 CVSS, 0.00043 EPSS
Exploits: 1, References: 5
OSV
added 2024/07/31 7:24 p.m., 0 views

CVE-2024-41951 PheonixAppAPI has visible Encoding Maps

Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. The issue is that the map of encoding/decoding languages is visible in code. The problem was patched in 0.2.4...

4.4 CVSS, 6.9 AI score, 0.0006 EPSS
Exploits: 0, References: 3
hackapp
added 2016/04/01 9:16 a.m., 10 views

phoenix - Customized SSL, Dynamic Code Loading, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application phoenix published at the 'play' market has multiple vulnerabilities...

0.2 AI score
Exploits: 0, References: 1, Affected Software: 1