25 matches found
CVE-2026-5308
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...
EUVD-2026-31425
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...
CVE-2026-5308
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...
PT-2026-42749
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...
Mattermost doesn't limit the size of the request body on the start meeting API endpoint
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...
EUVD-2026-30737
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...
PT-2026-41639
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to limit the size of the request body on the start meeting API endpoint, which allows an authenticated attacker to cause resource exhaustion or denial of service via a crafted oversized HTTP POST request to...
Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor
Severity: Medium Component: Webhook Interceptor server/auth/webhook Vulnerability Type: Denial of Service DoS Description The Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the /api/v1/events/ endpoint,...
GHSA-X274-8QFC-HRGF Mattermost MS Teams plugin doesn't limit the request body size on the /lifecycle webhook endpoint
Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...
Mattermost MS Teams plugin doesn't limit the request body size on the /lifecycle webhook endpoint
Mattermost Plugins versions =2.3.1 fail to limit the request body size on the /lifecycle webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610...
Fleet's unbounded request body read allows remote Denial of Service
Summary Fleet contained multiple unauthenticated HTTP endpoints that read request bodies without enforcing a size limit. An unauthenticated attacker could exploit this behavior by sending large or repeated HTTP payloads, causing excessive memory allocation and resulting in a denial-of-service DoS...
CVE-2026-29772 Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands
Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achiev...
CVE-2025-55181
Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually...
EUVD-2022-27864
Malicious code in bioql PyPI...
CVE-2024-58259
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public unauthenticated and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory...
SUSE CVE-2024-58259
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public unauthenticated and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the request body processing. An attacker can cause the server to crash or become unresponsive by sending excessively large payloads to certain API endpoints, leading to resource...
PT-2025-35332
Name of the Vulnerable Software and Affected Versions Rancher Manager versions 2.9.12, 2.10.9, 2.11.5, and 2.12.1 Description A high-severity Denial of Service DoS flaw exists in Rancher Manager, allowing attackers to crash servers by sending oversized API requests to certain public unauthenticat...
Litestar 安全漏洞
Litestar is a powerful, flexible but stubborn ASGI framework open-sourced by Litestar. A security vulnerability exists in Litestar versions prior to 2.13.0 that stems from the lack of a default limit on the total size of the request body, allowing an attacker to upload arbitrarily large files and...
Security Bulletin: Apache Tomcat vulnerabilities affect IBM SAN Volume Controller and Storwize Family (CVE-2014-0227 CVE-2014-0230)
Summary Apache Tomcat DoS and unauthorized access vulnerabilities Vulnerability Details This bulletin relates to vulnerabilities in the Apache Tomcat component which is used to provide the product’s management GUI. The CLI interface is unaffected. CVEID: CVE-2014-0227 DESCRIPTION: Apache Tomcat i...