37 matches found

Cvelist
added 2026/06/23 8:37 p.m., 26 views

CVE-2026-46553 NocoDB: Attachment Size Limit Bypass via Upload-by-URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured...

CVSS 5.3, EPSS 0.0024
Exploits: 0, References: 1

Cvelist
added 2026/06/17 9:08 p.m., 20 views

CVE-2026-48990 joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength, which can lead to resource exhaustion...

CVSS 5.3, EPSS 0.00163
Exploits: 0, References: 2

Positive Technologies
added 2026/06/16 12:00 a.m., 14 views

PT-2026-49735

Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.12.25. Description: The Body Limit Middleware trusts the Content-Length header to determine if a request body is within the allowed limit. In environments such as AWS Lambda including API Gateway v1/v2, ALB, VPC Lattice,...

CVSS 6.5, AI score 5.8, EPSS 0.00103
Exploits: 0, References: 4

Snyk
added 2026/06/15 8:09 p.m., 15 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the C HTTP parser when the maxlinesize check is bypassed for fragmented lines. An attacker can cause excessive memory consumption by sending oversized HTTP request lines, potential...

CVSS 8.7, AI score 5.3, EPSS 0.00322
Exploits: 0, References: 2

UbuntuCve
added 2026/05/22 6:16 p.m., 20 views

CVE-2026-42627

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

CVSS 6.2, AI score 6, EPSS 0.00132
Exploits: 0, References: 3

EUVD
added 2026/05/22 12:00 a.m., 20 views

EUVD-2026-31476

In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based buffer over-read during model optimization. The overflow occurs when multiplying tensor dimensions...

AI score 6, EPSS 0.00132
Exploits: 0, References: 2

OSV
added 2026/05/21 8:38 p.m., 10 views

GHSA-8RWR-F68V-CVW6 NocoDB: Attachment Size Limit Bypass via Upload-by-URL

Summary: The upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured per-file size limit. Details: The attachments service now checks...

CVSS 5.3, AI score 5.8, EPSS 0.0024
Exploits: 0, References: 2

Github Security Blog
added 2026/05/21 8:38 p.m., 21 views

NocoDB: Attachment Size Limit Bypass via Upload-by-URL

Summary: The upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured per-file size limit. Details: The attachments service now checks...

CVSS 5.3, AI score 5.8, EPSS 0.0024
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2026/05/21 12:00 a.m., 15 views

PT-2026-42679

Name of the Vulnerable Software and Affected Versions: NocoDB (affected versions not specified). Description: An issue exists where the upload-by-URL path fails to enforce the NC_ATTACHMENT_FIELD_SIZE limit against the remote file's advertised Content-Length or the decoded length of a data: URI. This...

CVSS 5.3, AI score 5.8, EPSS 0.0024
Exploits: 0, References: 8

CVE
added 2026/05/13 2:58 p.m., 15 views

CVE-2026-44456

CVE-2026-44456 affects hono; prior to version 4.12.16, bodyLimit() may fail to enforce maxSize for requests without Content-Length (e.g., Transfer-Encoding: chunked), allowing oversized requests to reach handlers and potentially return 200 instead of 413. The issue is resolved in 4.12.16. Affecte...

CVSS 6.5, AI score 5.8, EPSS 0.00219
Exploits: 0, References: 1, Affected Software: 1

GithubExploit
added 2026/05/07 8:32 p.m., 99 views

Exploit for CVE-2026-38361

CVE-2026-38361: Multiple Unauthenticated DoS Vulnerabilities i...

AI score 6.1, EPSS 0.05982
Exploits: 5

ATTACKERKB
added 2026/05/05 2:49 p.m., 3 views

CVE-2026-5766

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

CVSS 6.3, AI score 5.8, EPSS 0.00423
Exploits: 0, References: 4, Affected Software: 1

EUVD
added 2026/04/10 5:24 p.m., 2 views

EUVD-2026-21502

@sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass...

CVSS 8.2, AI score 5.8, EPSS 0.00543
Exploits: 0, References: 4

OSV
added 2026/04/10 5:24 p.m., 1 view

GHSA-2CRG-3P73-43XP @sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass

Under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected...

CVSS 8.2, AI score 5.8, EPSS 0.00543
Exploits: 0, References: 6

Github Security Blog
added 2026/04/10 5:24 p.m., 15 views

@sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass

Under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected...

CVSS 8.2, AI score 5.8, EPSS 0.00543
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2026/04/10 5:17 p.m., 6 views

CVE-2026-35602

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...

CVSS 7.1, EPSS 0.00338
Exploits: 1, References: 3

CVE
added 2026/04/10 4:24 p.m., 29 views

CVE-2026-40073

SvelteKit (framework for building web apps with Svelte) contains a vulnerability in adapter-node prior to version 2.57.1 where, under certain conditions, requests could bypass the BODY_SIZE_LIMIT. The issue is scoped to SvelteKit applications using adapter-node and does not affect body size limit...

CVSS 8.2, AI score 5.8, EPSS 0.00543
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2026/04/10 4:10 p.m., 29 views

CVE-2026-35602

Summary: CVE-2026-35602 affects Vikunja prior to v2.3.0, where the file import endpoint uses the attacker-controlled Size from the JSON metadata instead of the decompressed file length to enforce max file size, allowing an attacker to bypass the limit by setting Size to 0. This leads to potential...

CVSS 7.1, AI score 5.7, EPSS 0.00338
Exploits: 1, References: 3, Affected Software: 1

Ubuntu
added 2026/04/09 5:30 p.m., 11 views

USN-8154-2: Django vulnerabilities

USN-8154-1 fixed vulnerabilities in Django. This update provides the corresponding updates for Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Original advisory details: Seokchan Yoon discovered that Django incorrectly handled copying memory when parsing multipart uploads with excessive whitespace. A remo...

CVSS 9.8, AI score 6, EPSS 0.00689
Exploits: 1

NVD
added 2026/04/02 11:16 a.m., 7 views

CVE-2026-32145

Allocation of Resources Without Limits or Throttling vulnerability in gleam-wisp wisp allows a denial of service via multipart form body parsing. The multipartbody function bypasses configured maxbodysize and maxfilessize limits. When a multipart boundary is not present in a chunk, the parser tak...

CVSS 8.7, EPSS 0.00622
Exploits: 0, References: 4