14 matches found

Patchstack
added 2026/05/21 8:35 p.m. · 4 views

NPM: NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion

NPM: NocoDB: Missing File Size Enforcement in Upload-by-URL Allows Denial of Service via Disk Exhaustion vulnerability discovered by ? in WordPress Npm nocodb versions = 0.301.3...

5.8 AI score
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2026/05/13 2:58 p.m. · 4 views

CVE-2026-44456 Hono: bodyLimit() can be bypassed for chunked / unknown-length requests

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, bodyLimit does not reliably enforce maxSize for requests without a usable Content-Length, e.g. Transfer-Encoding: chunked. Oversized requests can reach handlers and return 200 instead of 413. Th...

6.5 CVSS · 5.8 AI score · 0.00012 EPSS
Exploits 0 · References 1
Github Security Blog
added 2026/05/06 11:50 p.m. · 3 views

Hono: bodyLimit() can be bypassed for chunked / unknown-length requests

Summary: bodyLimit does not reliably enforce maxSize for requests without a usable Content-Length, e.g. Transfer-Encoding: chunked. Oversized requests can reach handlers and return 200 instead of 413. Details: For chunked / unknown-length requests, bodyLimit wraps the body in a stream that counts...

6.5 CVSS · 5.8 AI score · 0.00012 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2026/04/22 12:0 a.m. · 1 views

PT-2026-34265

Name of the Vulnerable Software and Affected Versions: Telerik UI for AJAX versions prior to 2026.1.421 Description: RadAsyncUpload contains an uncontrolled resource consumption issue. This occurs because of missing cumulative size enforcement during chunk reassembly, which allows file uploads to...

7.5 CVSS · 5.8 AI score · 0.00115 EPSS
Exploits 0 · References 4
OSV
added 2026/04/01 9:47 p.m. · 2 views

GHSA-3WQ7-RQQ7-WX6J AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS

Summary: For some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. Impact: If an application uses Request.post(), an attacker can send a specially crafted multipart request to force significant temporary memory allocation even when the request is ultimate...

6.9 CVSS · 5.9 AI score · 0.00019 EPSS
Exploits 0 · References 5
Github Security Blog
added 2026/04/01 9:47 p.m. · 3 views

AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS

Summary: For some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. Impact: If an application uses Request.post(), an attacker can send a specially crafted multipart request to force significant temporary memory allocation even when the request is ultimate...

6.9 CVSS · 5.9 AI score · 0.00019 EPSS
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2026/04/01 8:14 p.m. · 16 views

CVE-2026-34517 AIOHTTP: Late size enforcement for non-file multipart fields causes memory DoS

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version 3.13.4...

6.9 CVSS · 0.00019 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/08/07 12:0 a.m. · 7 views

PT-2025-32312 · Ruby-Jwt +1

Name of the Vulnerable Software and Affected Versions: ruby-jwt version 3.0.0.beta1 Description: ruby-jwt v3.0.0.beta1 contains weak encryption. The supplier notes that key size is not enforced by the library itself, and restrictions imposed by recent versions of OpenSSL may apply to users of the...

9.1 CVSS · 6 AI score · 0.00041 EPSS
Exploits 0 · References 14
Cvelist
added 2025/08/07 12:0 a.m. · 8 views

CVE-2025-45765

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...

0.00041 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/08/07 12:0 a.m. · 3 views

CVE-2025-45765

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...

7.5 AI score · 0.00041 EPSS
Exploits 0 · References 2
Debian CVE
added 2024/07/12 12:32 p.m. · 21 views

CVE-2024-40974

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size. plpar_hcall(), plpar_hcall9(), and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through...

7.8 CVSS · 6.5 AI score · 0.00011 EPSS
Exploits 0
Microsoft CVE
added 2023/11/14 8:0 a.m. · 79 views

Mitre: CVE-2023-24023 Bluetooth Vulnerability

Microsoft is aware of the Bluetooth Forward and Future Secrecy Attacks and Defenses (BLUFFS) vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that enforces the us...

6.8 CVSS · 8.3 AI score · 0.00203 EPSS
Exploits 1
CNVD
added 2017/12/05 12:0 a.m. · 3 views

Apache Qpid Broker-J Denial of Service Vulnerability

Apache Qpid is an object-oriented messaging middleware developed by the Apache Software Foundation (United States). It is an implementation of AMQP (Advanced Message Queuing Protocol), can communicate with AMQP-compliant systems, and provides a C++, Python, Java, C and other programming...

7.5 CVSS · 6.8 AI score · 0.02276 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2014/06/13 12:0 a.m. · 25 views

openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0371-1)

Update to 1.2. New features: Signed JNLP support; Support for client authentication certificates; Cache size enforcement now supported via itweb-settings; Applet parameter passing through JNLP files now supported; Better icons for access warning dialog; Security Dialog UI revamped to...

4.3 CVSS · 5.4 AI score · 0.00971 EPSS
Exploits 0 · References 5