Lucene search
K

889 matches found

Cvelist
Cvelist
added yesterday7 views

CVE-2024-7708

For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can leak...

7.5CVSS0.00263EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2024-7708

CVE-2024-7708 describes a buffer leak occurring when reading the body of HTTP requests; this can happen for requests with a body, especially under slow network conditions (notably 100-Continue). The published metrics show a CVSS v3.1 base score of 7.5 (HIGH) with Network attack vector, no privile...

7.5CVSS6.1AI score0.00263EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added yesterday4 views

EUVD-2024-55651

For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can leak...

7.5CVSS6.1AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 9:16 a.m.4 views

UBUNTU-CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode function splits input on '%' producing N tokens and calls decodeComponents, exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/26 9:57 p.m.6 views

Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM

Summary hackneyh3:awaitresponseloop/6 in src/hackneyh3.erl accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer, not a wall-clock deadline: every received streamdata chunk, housekeeping select message, or settings frame...

8.2CVSS5.9AI score0.00703EPSS
Exploits1References7Affected Software1
EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38874

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in icmpv6rcv Caching saddr and daddr before pskbpull is problematic since skb-head can change. Remove these temporary variables: - We only access &ipv6hdrskb-saddr and &ipv6hdrskb-daddr when netdbgratelimit...

5.7AI score0.00377EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/06/23 2:20 a.m.8 views

SUSE CVE-2026-52911

In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...

5.8AI score0.00362EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37578

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service DoS on the web interface of the device. This issue affects Regesta Smart...

6.9CVSS5.4AI score0.00394EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 1:20 p.m.11 views

CVE-2026-27869

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service DoS on the web interface of the device. This issue affects Regesta Smart...

6.9CVSS0.00394EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/17 8:13 a.m.8 views

CVE-2026-27869 WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service DoS on the web interface of the device. This issue affects Regesta Smart...

6.9CVSS5.4AI score0.00394EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/17 8:13 a.m.31 views

CVE-2026-27869 WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT

An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could, with a Slow Loris attack, cause Denial of Service DoS on the web interface of the device. This issue affects Regesta Smart...

6.9CVSS0.00394EPSS
Exploits0References5
CVE
CVE
added 2026/06/17 8:13 a.m.13 views

CVE-2026-27869

The CVE-2026-27869 entry concerns the Regesta Smart HD-PLC by Teldat (model TLDPH16D2, 11.02.05.10.02). An attacker on the network can perform a Slow Loris-style attack to cause a Denial of Service on the device’s web interface. The impact is a DoS with network access and low attack complexity; c...

6.9CVSS5.4AI score0.00394EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50257

Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network-based attacker can cause a Denial of Service DoS on the web interface of the device using a Slow Loris attack. This technique involves sending partial HTTP requests...

6.9CVSS6AI score0.00394EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 11:39 p.m.12 views

Malicious code in slow-surf (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f66d2ad1de3674c7aa5dd5efdb00624f0d1ff7f6f1ed38f054e6ca018dea673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/15 11:39 p.m.11 views

MAL-2026-5848 Malicious code in slow-surf (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9f66d2ad1de3674c7aa5dd5efdb00624f0d1ff7f6f1ed38f054e6ca018dea673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.4AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 9:55 p.m.38 views

CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...

8.7CVSS0.00344EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/15 9:55 p.m.7 views

CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...

8.7CVSS5.3AI score0.00344EPSS
Exploits0References4
CVE
CVE
added 2026/06/15 9:55 p.m.20 views

CVE-2026-48854

The CVE-2026-48854 affects the elixir-grpc/grpc project. The vulnerability resides in Elixir.GRPC.Server.Adapters.Cowboy.Handler:read_full_body/3, which accumulates every received chunk into a growing binary with no size cap. If the grpc-timeout header is omitted, per-chunk read timeouts resolve ...

8.7CVSS5.4AI score0.00344EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 9:55 p.m.7 views

EEF-CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read\full\body/3...

8.7CVSS5.4AI score0.00344EPSS
Exploits0References4
Mageia
Mageia
added 2026/06/10 5:7 a.m.16 views

Updated golang-x-net packages fix security vulnerability

CVE-2024-45338 An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

5.3CVSS6.5AI score0.00874EPSS
Exploits0References2
Rows per page
Query Builder