
15 matches found

Positive Technologies
added 2026/05/08 12:0 a.m. | 10 views

PT-2026-39242

Name of the Vulnerable Software and Affected Versions: Volcano versions prior to 1.14.2; Volcano versions prior to 1.13.3; Volcano versions prior to 1.12.4. Description: The Volcano webhook server fails to enforce a size limit on incoming HTTP request bodies. This allows any in-cluster pod capable of...

CVSS 6.8 | AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 6

Tenable Nessus
added 2026/01/31 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-22260

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3...

CVSS 7.5 | AI score 5.9 | EPSS 0.00494
Exploits: 0 | References: 2

OSV
added 2026/01/27 6:15 p.m. | 4 views

UBUNTU-CVE-2026-22260

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

CVSS 7.5 | AI score 5.9 | EPSS 0.00494
Exploits: 0 | References: 5

Cvelist
added 2026/01/27 5:30 p.m. | 19 views

CVE-2026-22260 Suricata http1: infinite recursion in decompression

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

CVSS 7.5 | EPSS 0.00494
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/27 12:0 a.m. | 4 views

PT-2026-4985

Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches the issue. As a workaround, use default values for request-body-limit and response-body-limit...

CVSS 7.5 | AI score 5.9 | EPSS 0.00494
Exploits: 0 | References: 4

Debian CVE
added 2025/10/07 2:30 p.m. | 2 views

CVE-2025-61770

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...

CVSS 7.5 | AI score 5.9 | EPSS 0.00848
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-6873

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.4 | EPSS 0.00797
Exploits: 1 | References: 5

Tenable Nessus
added 2025/08/11 12:0 a.m. | 12 views

TencentOS Server 2: httpd (TSSA-2025:0526)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0526 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

CVSS 9.8 | AI score 7.7 | EPSS 0.69803
Exploits: 2 | References: 15

OSV
added 2024/10/09 4:15 p.m. | 3 views

UBUNTU-CVE-2024-46292

A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usab...

CVSS 7.5 | AI score 6 | EPSS 0.00785
Exploits: 0 | References: 4

OSV
added 2024/08/23 12:0 p.m. | 15 views

RUSTSEC-2024-0365 Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

The following presentation at this year's DEF CON was brought to our attention on the Diesel Gitter Channel: "SQL Injection isn't Dead: Smuggling Queries at the Protocol Level" (archive link for posterity). Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to...

AI score 8.5
Exploits: 0 | References: 3

OSV
added 2023/05/17 5:7 p.m. | 39 views

GHSA-95X4-J7VC-H8MF ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits

Summary: Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the...

CVSS 5.3 | AI score 6.7 | EPSS 0.0068
Exploits: 0 | References: 9

OSV
added 2022/09/15 12:0 a.m. | 6 views

GHSA-2GG5-7C4V-6XX2 Duplicate of GHSA-m77f-652q-wwp4

Duplicate advisory: This advisory is a duplicate of GHSA-m77f-652q-wwp4. This link is maintained to preserve external references. Original Description: ::fromrequest would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large or infini...

CVSS 7.5 | AI score 7.5 | EPSS 0.00797
Exploits: 1 | References: 3

OSV
added 2022/08/31 12:0 p.m. | 24 views

RUSTSEC-2022-0055 No default limit put on request bodies

::fromrequest would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large or infinite body your server might run out of memory and crash. This also applies to these extractors which used Bytes::fromrequest internally: -...

CVSS 7.5 | AI score 7.4 | EPSS 0.00797
Exploits: 1 | References: 3

RustSec
added 2022/08/31 12:0 p.m. | 19 views

No default limit put on request bodies

::fromrequest would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large or infinite body your server might run out of memory and crash. This also applies to these extractors which used Bytes::fromrequest internally: -...

CVSS 7.5 | AI score 1.2 | EPSS 0.00797
Exploits: 1 | Affected Software: 1

OSV
added 2013/06/26 6:0 p.m. | 7 views

MGASA-2013-0179 apache-mod_security new security issue CVE-2013-2765

Updated apache-modsecurity packages fix security vulnerability: When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on...

CVSS 5 | AI score 6.5 | EPSS 0.13719
Exploits: 4 | References: 3