Lucene search
K

40 matches found

NVD
NVD
added 2026/07/07 11:16 p.m.7 views

CVE-2026-55078

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no...

6.5CVSS0.00602EPSS
Exploits0References6
CVE
CVE
added 2026/07/06 9:17 a.m.17 views

CVE-2026-56810

CVE-2026-56810 affects mint: a memory-denial vulnerability in Mint.HTTP1.decode_body/5 where chunked HTTP response bodies are buffered in an unbounded data_buffer until the entire declared chunk length completes. The chunk size is parsed with no upper bound, enabling a remote attacker to send an ...

8.7CVSS6AI score0.00344EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:17 a.m.6 views

CVE-2026-56810

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint Mint.HTTP1 module allows a denial of service via an oversized chunked transfer-encoded response. This vulnerability is associated with program files lib/mint/http1.ex and program routines...

8.7CVSS6AI score0.00344EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/07/06 5:47 a.m.4 views

BIT-ACTIVEMQ-2026-53916 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp: Unbounded header buffer in STOMP NIO codec

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS6.1AI score0.00796EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/17 8:2 a.m.14 views

gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion

...

8.7CVSS5.8AI score0.00381EPSS
Exploits0
CVE
CVE
added 2026/05/25 2:0 p.m.38 views

CVE-2026-47073

CVE-2026-47073 affects hackney WebSocket client (src/hackney_ws.erl) causing unbounded memory growth via three paths: read_handshake_response/3 accumulates an unbounded buffer due to lack of size cap; parse_payload/9 and parse_active_payload/8 do not enforce a maximum frame payload length; and fr...

8.7CVSS5.9AI score0.00825EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart...

8.2CVSS5.7AI score0.00382EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 3:35 p.m.10 views

GHSA-468C-VQ7P-GH64 Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service

Summary An Allocation of Resources Without Limits or Throttling vulnerability in Plug.Conn.readpartheaders/2 allows an unauthenticated attacker to exhaust server memory by sending a crafted multipart/form-data request, causing a denial of service. Details Plug.Conn.readpartheaders/2 in...

8.2CVSS5.9AI score0.0062EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2026/05/20 3:35 p.m.32 views

Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service

Summary An Allocation of Resources Without Limits or Throttling vulnerability in Plug.Conn.readpartheaders/2 allows an unauthenticated attacker to exhaust server memory by sending a crafted multipart/form-data request, causing a denial of service. Details Plug.Conn.readpartheaders/2 in...

8.2CVSS5.9AI score0.0062EPSS
Exploits0References11Affected Software1
EUVD
EUVD
added 2026/05/20 3:35 p.m.11 views

EUVD-2026-30266

Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service...

8.2CVSS5.9AI score0.0062EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/05/14 10:29 a.m.46 views

CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

8.2CVSS0.0062EPSS
Exploits0References9
CVE
CVE
added 2026/05/14 10:29 a.m.20 views

CVE-2026-8468

Summary (facts from sources): CVE-2026-8468 describes an unbounded memory accumulation in multipart header parsing within Elixir Plug (plug_project) andCowboy-derived code. The root cause is in plug_multipart:parse_headers/2 (and read_part_headers/2 in lib/plug/conn.ex) which accumulates incoming...

8.2CVSS6AI score0.0062EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/14 10:29 a.m.7 views

CVE-2026-8468

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

8.2CVSS6AI score0.0062EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2026/05/14 10:29 a.m.8 views

EEF-CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug

Summary Allocation of Resources Without Limits or Throttling vulnerability in plug\project plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':read\part\headers/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper...

8.2CVSS6.2AI score0.0062EPSS
Exploits0References9
OSV
OSV
added 2026/05/14 10:29 a.m.4 views

CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

8.2CVSS6.2AI score0.0062EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.14 views

PT-2026-40905

Name of the Vulnerable Software and Affected Versions plug versions 1.4.0 through 1.15.3 plug version 1.16.3 plug version 1.17.1 plug version 1.18.2 plug version 1.19.2 Description An unbounded buffer accumulation issue exists during multipart header parsing. The function read part headers/2 in...

8.2CVSS6AI score0.0062EPSS
Exploits0References16
Github Security Blog
Github Security Blog
added 2026/05/13 9:32 p.m.12 views

Cowboy: Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

8.2CVSS5.8AI score0.00382EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/13 9:32 p.m.6 views

GHSA-JFC2-Q6QH-G5X8 Cowboy: Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

8.2CVSS5.8AI score0.00382EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/13 7:17 p.m.9 views

CVE-2026-8466

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

8.2CVSS5.8AI score0.00382EPSS
Exploits0References4
CVE
CVE
added 2026/05/13 6:26 p.m.27 views

CVE-2026-8466

CVE-2026-8466 affects the Cowboy web server (ninenines) prior to 2.15.0. The issue is an unbounded memory growth vulnerability in multipart header parsing: cowboy_req:read_part/3 accumulates request bytes into a Buffer without an upper-bound check, and when cow_multipart:parse_headers/2 returns m...

8.2CVSS5.9AI score0.00382EPSS
Exploits0References3
Rows per page
Query Builder