CVE-2026-5308 Missing request body size limits on Zoom plugin HTTP endpoints

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of request body size limits in unauthenticated HTTP endpoints. An attacker can exhaust server memory and cause process restarts by sending large or repeated HTTP...

Denial Of Service (DoS)

github.com/VictoriaMetrics/VictoriaMetrics is vulnerable to Denial of Service DoS. The vulnerability is due to the snappy decoder ignoring request size limits, which allows an attacker to send malformed compressed blocks that trigger excessive memory usage and cause service disruption...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the snappy:Decoder function. An attacker can cause excessive memory consumption and potential out-of-memory errors by sending malformed blocks that bypass request size limits. This...

GHSA-P543-XPFM-54CP Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

Summary Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory OOM...

Allocation of Resources Without Limits or Throttling

Overview github.com/rancher/rancher/pkg/settings is a complete container management platform Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the request body processing. An attacker can cause the server to crash or become unresponsive b...

OESA-2025-1613 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size...

CVE-2025-46728

A flaw was found in cpp-httplib. This vulnerability allows for denial of service via oversized HTTP requests when using chunked transfer encoding or missing Content-Length headers, leading to uncontrolled memory allocation and potential server crash. Mitigation Short-term workaround through a...

Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form

A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service DOS condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restorepreferences form. This leads to excessive memory consumption and potential system instability,...

Denial Of Service (DoS)

github.com/stacklok/minder is vulnerable to a Denial of Service DoS. The vulnerability is due to missing request size limits by the REST ingester when processing responses from remote REST endpoints, which allows an attacker to execute a Denial of Service attack by controlling a remote REST...