Lucene search
+L

131 matches found

RedhatCVE
RedhatCVE
added yesterday9 views

CVE-2026-33382

A flaw in Grafana's API endpoints allows remote attackers to send excessively large request bodies without authentication. This exhausts server memory, resulting in a complete denial of service DoS. Mitigation Deploy a reverse proxy or API gateway e.g., Nginx in front of Grafana configured to...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago4 views

EUVD-2024-55651

For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can leak...

7.5CVSS6.1AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 3 days ago3 views

CVE-2024-7708

For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can leak...

7.5CVSS6.1AI score0.00252EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago24 views

CVE-2024-7708

For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can leak...

7.5CVSS0.00252EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-33382

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS0.0038EPSS
Exploits0References1
Cvelist
Cvelist
added last week31 views

CVE-2026-33382 Denial of service via unbounded request body size

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS0.0038EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 8:14 p.m.11 views

CVE-2026-55434

The CVE affects Coder’s AI Bridge provider endpoints (v2.33.x and v2.34.x) where handlers read request bodies with io.ReadAll without a max size. An authenticated user could send oversized bodies, causing memory exhaustion and a denial of service that crashes the control plane. Patches are availa...

6.5CVSS6AI score0.00552EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/01 8:56 p.m.2 views

GHSA-28PQ-6QXG-WG5R Mailpit: Sibling-endpoint memory-exhaustion DoS via unbounded JSON body on /api/v1/messages, /api/v1/tags, and /api/v1/message/{id}/release (incomplete fix of GHSA-fpxj-m5q8-fphw)

Summary The fix for GHSA-fpxj-m5q8-fphw CVE-2026-45710, "Mailpit: Set a default 50MB p/m limit to prevent DoS via unlimited SMTP DATA and /api/v1/send body sizes" wrapped only POST /api/v1/send with http.MaxBytesReader. The four other Mailpit JSON-body API endpoints PUT /api/v1/messages...

5.3CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/22 9:4 p.m.2 views

CVE-2026-56221 Cap-go - SQL Injection in Cloudflare Analytics Engine Queries via cloudflare.ts

Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization. Authenticated users with read-level API key permissions can injec...

7.1CVSS6.1AI score0.00276EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51363

Name of the Vulnerable Software and Affected Versions Grafana affected versions not specified Description The public dashboard query endpoint does not limit the request body size before processing. This allows unauthenticated attackers to trigger excessive memory allocation by sending arbitrarily...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/15 8:9 p.m.19 views

aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup

Summary During cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. Impact An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS a zip bomb edge case. Workaround...

8.7CVSS5.2AI score0.00279EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.8 views

CVE-2026-40608

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers /api/state, /api/restore, and /api/history-svg that process incoming requests by accumulating the entire request body into a...

6.2CVSS5.5AI score0.00146EPSS
Exploits1References1
OSV
OSV
added 2026/05/28 2:2 p.m.12 views

CLSA-2026-1779968889 Fix of 7 CVEs

SECURITY UPDATE: Authentication Bypass in digest authentication - debian/patches/CVE-2026-43512.patch: reject digest authentication attempts for unknown users in getDigest - CVE-2026-43512 SECURITY UPDATE: Account lockout bypass in LockOutRealm via case variation of user names -...

9.8CVSS5.8AI score0.01339EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:56 p.m.10 views

CVE-2026-44247 Volcano: Webhook server vulnerable to OOM due to unbounded HTTP request body size

Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially...

6.8CVSS5.8AI score0.00173EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 8:56 p.m.35 views

CVE-2026-44247 Volcano: Webhook server vulnerable to OOM due to unbounded HTTP request body size

Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially...

6.8CVSS0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in Mattermost versions 11.6.0 and earlier 11.6.x series, 11.5.3 and earlier 11.5.x series, 11.4.4 and earlier 11.4.x series, as well as 10.11.14 and earlier 10.11.x series. Thes...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 12:36 p.m.9 views

CLSA-2026-1779366970 tomcat6: Fix of CVE-2026-41284

CVE-2026-41284: tomcat6: WebDAV LOCK/PROPFIND unbounded request body DoS...

7.5CVSS5.8AI score0.0078EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 1:36 p.m.8 views

CVE-2026-39803

Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':readdata/2 in lib/bandit/http1/socket.ex ignores the caller-supplied :length option when...

8.7CVSS5.8AI score0.00642EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/05/08 8:44 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling excessively large HTTP request bodies. A malicious pod on the same cluster can exhaust system memory and trigger an OOM condition. Remediation Upgrade...

7.4CVSS5.8AI score0.00173EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 8:44 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling excessively large HTTP request bodies. A malicious pod on the same cluster can exhaust system memory and trigger an OOM condition. Remediation Upgrade...

7.4CVSS5.8AI score0.00173EPSS
Exploits0References2
Rows per page
Query Builder