Lucene search
K

8 matches found

Vulnrichment
Vulnrichment
added 4 days ago4 views

CVE-2026-33382 Denial of service via unbounded request body size

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References1
Cvelist
Cvelist
added last week38 views

CVE-2026-55434 Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.33.0 and prior to versions 2.33.8 and 2.34.2, AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could se...

6.5CVSS0.00552EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/23 5:51 p.m.4 views

CVE-2026-40182 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

5.3CVSS5.8AI score0.00304EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 11:38 p.m.4 views

BIT-DJANGO-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS5.8AI score0.00769EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30851

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.29, 5.2 through 5.2.12, and 6.0 through 6.0.3 Description ASGI requests lacking or underreporting the Content-Length header may bypass the DATA UPLOAD MAX MEMORY SIZE limit when processing HttpRequest.body,...

9.8CVSS5.8AI score0.00879EPSS
Exploits1References33
NVD
NVD
added 2026/03/11 6:16 p.m.5 views

CVE-2026-31866

flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP /ofrep/v1/evaluate/... and gRPC evaluation.v1, evaluation.v2 endpoints for feature flag evaluation. These endpoints are designed to be publicly accessible by client applications. The evaluation context...

7.5CVSS0.0042EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 5:49 p.m.3 views

CVE-2026-31866

flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP /ofrep/v1/evaluate/... and gRPC evaluation.v1, evaluation.v2 endpoints for feature flag evaluation. These endpoints are designed to be publicly accessible by client applications. The evaluation context...

7.5CVSS5.7AI score0.0042EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2025/11/05 11:49 p.m.4 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5CVSS6.4AI score0.00605EPSS
Exploits0References8
Rows per page
Query Builder