Lucene search
K

29 matches found

NVD
NVD
added 2026/07/07 4:16 p.m.12 views

CVE-2026-56812

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...

7.5CVSS0.00447EPSS
Exploits1References7
EUVD
EUVD
added 2026/07/07 3:22 p.m.6 views

EUVD-2026-42050

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...

6.3CVSS6AI score0.00447EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:22 p.m.9 views

CVE-2026-56812

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...

6.3CVSS6AI score0.00447EPSS
Exploits1References8
CVE
CVE
added 2026/07/07 3:22 p.m.16 views

CVE-2026-56812

The Phoenix JavaScript presence client suffers a client-side denial of service due to an unsafe existence check in Presence.syncState() and Presence.syncDiff(). By using a bare truthiness test (state[key]) to detect existing presences, attacker-controlled keys that collide with Object.prototype (...

7.5CVSS6AI score0.00447EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2026/07/07 3:22 p.m.33 views

CVE-2026-56812 Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix Presence JavaScript client allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is...

6.3CVSS0.00447EPSS
Exploits1References7
OSV
OSV
added 2026/07/07 3:9 p.m.7 views

EEF-CVE-2026-56811 Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service

Summary Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll...

8.7CVSS6AI score0.0042EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:9 p.m.7 views

CVE-2026-56811

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix Phoenix.Socket module allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport WebSocket or LongPoll. This...

8.7CVSS5.9AI score0.0042EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/05/08 8:24 p.m.18 views

EUVD-2026-27339

Phoenix: Long-poll NDJSON body splitting causes large memory allocation...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/06 8:21 p.m.14 views

CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/06 1:42 a.m.10 views

SUSE CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/05 5:31 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview phoenix is a The official JavaScript client for the Phoenix web framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Elixir.Phoenix.Transports.LongPoll POST requests handling with Content-Type: application/x-ndjson. A...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References2
NVD
NVD
added 2026/05/05 4:16 p.m.25 views

CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS0.00469EPSS
Exploits0References5
CVE
CVE
added 2026/05/05 3:17 p.m.17 views

CVE-2026-32689

CVE-2026-32689 affects Phoenix (Elixir) LongPoll transport: in Elixir.Phoenix.Transports.LongPoll publish/4, a POST with Content-Type: application/x-ndjson is split by newline without a limit, turning a small payload into enormous lists of empty binaries and a second large list via Enum.map, caus...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/05 3:17 p.m.5 views

CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/05 3:17 p.m.52 views

CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS0.00469EPSS
Exploits0References5
OSV
OSV
added 2026/05/05 3:17 p.m.8 views

EEF-CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix

Summary Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type:...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References5
OSV
OSV
added 2026/05/05 3:17 p.m.2 views

CVE-2026-32689 Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS6AI score0.00469EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

phoenix 安全漏洞

Phoenix is a web development framework developed under the Phoenix framework open source project. Versions of Phoenix from 1.7.0 to 1.7.22, as well as 1.8.6, have security vulnerabilities. These vulnerabilities stem from the unlimited resource allocation during the processing of NDJSON data...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1710

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.0206EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 1:17 a.m.7 views

CVE-2017-1000163

The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks...

6.1CVSS6.8AI score0.0206EPSS
Exploits0References1
Rows per page
Query Builder