Lucene search

20 matches found

EUVD
added 2026/04/03 3:40 a.m., 0 views

EUVD-2026-18186

wisp has Allocation of Resources Without Limits or Throttling...

CVSS 8.7, AI score 5.9, EPSS 0.00034
Exploits 0, References 3
EUVD
added 2025/12/10 9:51 p.m., 2 views

EUVD-2025-202430

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

CVSS 8.7, AI score 6.2, EPSS 0.00038
Exploits 0, References 4
Vulnrichment
added 2025/12/03 12:00 a.m., 1 view

CVE-2025-63402

An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests...

AI score 7.6, EPSS 0.00244
Exploits 0, References 3
CVE
added 2025/12/03 12:00 a.m., 4 views

CVE-2025-63402

HCLTech GRAGON vuln (CVE-2025-63402) affects GRAGON before v7.6.0. The issue arises from APIs not enforcing limits on the number or size of requests, enabling a remote attacker to execute arbitrary code. Affected product/version is GRAGON prior to 7.6.0; root cause is lack of request throttling/s...

CVSS 5.5, AI score 7.6, EPSS 0.00244
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2025/12/03 12:00 a.m., 2 views

PT-2025-48977

An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests...

CVSS 5.5, AI score 8, EPSS 0.00244
Exploits 0, References 4
CVE
added 2025/11/25 10:25 p.m., 10 views

CVE-2025-65942

VictoriaMetrics versions 1.0.0–1.110.22, 1.111.0–1.122.7, and 1.123.0–1.129.0 are affected by a DoS/OOM vulnerability in the Snappy decoder that ignores request size limits and can trigger excessive memory usage via malformed blocks. The underlying cause is the decoder not enforcing block-size ch...

CVSS 2.7, AI score 6.4, EPSS 0.00068
Exploits 0, References 5
OSV
added 2025/11/25 8:40 p.m., 2 views

GHSA-66JQ-2C23-2XH5 VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM

Impact: Affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics request size limits allowing malformed blocks to trigger excessive memory use. This could lead to OOM errors and service instability. The fix enforces block-size checks based on MaxRequest...

CVSS 2.7, AI score 6.8, EPSS 0.00068
Exploits 0, References 7
NVD
added 2025/07/25 4:16 a.m., 1 view

CVE-2025-54568

Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured separately for each edge node...

CVSS 3.7, EPSS 0.00229
Exploits 0, References 2
Vulnrichment
added 2025/07/25 12:00 a.m., 2 views

CVE-2025-54568

Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured separately for each edge node...

CVSS 3.7, AI score 7.1, EPSS 0.00229
Exploits 0, References 2
OSV
added 2025/07/10 4:04 p.m., 1 view

SUSE-SU-2025:02280-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2025-46701: Fixed refactor CGI servlet to access resources via WebResources (bsc#1243815). - CVE-2025-48988: Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part (bsc#1244656). ...

CVSS 7.5, AI score 7.1, EPSS 0.00759
Exploits 2, References 8
Tenable Nessus
added 2025/07/10 12:00 a.m., 8 views

SUSE SLES15 / openSUSE 15 Security Update : tomcat10 (SUSE-SU-2025:02261-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02261-1 advisory. - Fixed refactor CGI servlet to access resources via WebResources (bsc#1243815). - Fixed limits the total number of par...

CVSS 7.5, AI score 8, EPSS 0.00759
Exploits 2, References 11
OSV
added 2025/07/09 5:40 p.m., 8 views

SUSE-SU-2025:02261-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - Fixed refactor CGI servlet to access resources via WebResources (bsc#1243815). - Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part (bsc#1244656). - Fixed expand checks for...

CVSS 7.5, AI score 7.6, EPSS 0.00759
Exploits 2, References 8
NVD
added 2025/05/06 1:15 a.m., 9 views

CVE-2025-46728

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...

CVSS 7.5, EPSS 0.01011
Exploits 1, References 2
OSV
added 2025/02/26 7:01 a.m., 1 view

UBUNTU-CVE-2022-49533

In the Linux kernel, the following vulnerability has been resolved: ath11k: Change max no of active probe SSID and BSSID to fw capability. The maximum number of SSIDs in a for active probe requests is currently reported as 16 (WLAN_SCAN_PARAMS_MAX_SSID) when registering the driver. The scan_req_params...

CVSS 5.5, AI score 6.7, EPSS 0.00097
Exploits 0, References 6
RedhatCVE
added 2024/10/25 10:32 p.m., 11 views

CVE-2024-49767

A flaw was found in the Werkzeug web application library. Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.max_form_memory_size setting and trigger a denial of service. Mitigation: The...

CVSS 5.3, AI score 6.1, EPSS 0.0112
Exploits 0, References 7
Github Security Blog
added 2024/10/25 7:44 p.m., 15 views

Werkzeug possible resource exhaustion when parsing file data in forms

Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.max_form_memory_size setting. The Request.max_content_length setting, as well as resource limits provided by deployment software and platforms,...

CVSS 7.5, AI score 7.3, EPSS 0.0112
Exploits 0, References 9, Affected Software 2
Github Security Blog
added 2024/08/27 6:14 p.m., 15 views

Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies

Impact: Instances of the Apollo Router using either of the following may be impacted by a denial-of-service vulnerability. 1. External Coprocessing with specific configurations; or 2. Native Rust Plugins accessing the Router request body in the RouterService layer. Router customizations using Rhai...

CVSS 7.5, AI score 6.4, EPSS 0.00625
Exploits 1, References 8, Affected Software 1
OSV
added 2023/03/10 9:15 p.m., 38 views

CVE-2023-27901

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...

CVSS 7.5, AI score 7.7
Exploits 0, References 1
NVD
added 2023/03/10 9:15 p.m., 18 views

CVE-2023-27901

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service...

CVSS 7.5, AI score 7.8, EPSS 0.00622
Exploits 1, References 1
PyPA
added 2021/04/15 9:15 p.m., 3 views

PYSEC-2021-21

Sydent is a reference Matrix identity server. Sydent does not limit the size of requests it receives from HTTP clients. A malicious user could send an HTTP request with a very large body, leading to memory exhaustion and denial of service. Sydent also does not limit response size for requests it...

CVSS 7.5, AI score 6.8, EPSS 0.01367
Exploits 0, References 6, Affected Software 1