CVE-2026-40608

CVE-2026-40608 affects Next AI Draw.io (a Next.js app). Before version 0.4.15, the embedded HTTP sidecar’s three POST handlers (/api/state, /api/restore, /api/history-svg) accumulate entire request bodies into a JavaScript string without size limits. Node.js buffers the full payload in the V8 hea...

Denial of Service (DoS)

Overview pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Denial of Service DoS through the /api/v1/state endpoint of LightningApp. An attacker can cause the server to shut down by...

Lightning 资源管理错误漏洞

Lightning is a pre-training framework open-sourced by Lightning AI to fine-tune any AI model of any size on multiple GPUs, TPUs. A resource management error vulnerability exists in Lightning version 2.3.2, which stems from mishandling of the /api/v1/state endpoint and could lead to a denial of...

Nextcloud 信息泄露漏洞

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from the German company Nextcloud. nextcloud server is a self-hosted system designed to provide cloud-style services. nextcloud server is vulnerable to an information disclosure vulnerabili...