CVE-2026-35457

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed i...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper validation of the chunk-size field in chunked Transfer-Encoding within the ChunkedDecoder::readpayload function. An attacker can cause unbounded memory allocation and...

CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

cpp-httplib 安全漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.43.4 contained security vulnerabilities. These vulnerabilities stemmed from negative chunk sizes in chunked transmission encoding, leading to unbounded...

CVE-2026-45292

opentelemetry-java is the Java implementation of the OpenTelemetry API for recording telemetry, and SDK for managing telemetry recorded by the API. Prior to 1.62.0, a vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators...

Allocation of Resources Without Limits or Throttling

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the date filter in filters/date.ts and the strftime formatter in...

Linux Distros Unpatched Vulnerability : CVE-2026-28376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to...

golang: archive/tar: Unbounded allocation when parsing GNU sparse map

A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go...

Allocation of Resources Without Limits or Throttling

Overview Scriban.Signed is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Affected versions of this package are vulnerable to Allocation of Resources Without...

BIT-GRAFANA-2026-28383 Grafana plugin resources can lead to unbounded memory allocation

A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading the entire request body into memory. An authenticated user can exploit this to trigger an out-of-memory condition, potentially causing a denial of service...

GHSA-RCGG-9C38-7XPX OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation

Overview A vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, t...

CVE-2026-8468

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

EUVD-2026-30138

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

CVE-2026-28383

CVE-2026-28383 describes a memory‑consumption vulnerability in the Grafana environment where a request to the Grafana plugin resources endpoint can read the entire request body into memory, leading to unbounded memory usage. An authenticated user can exploit this to trigger an out‑of‑memory condi...

CVE-2026-28376

CVE-2026-28376 affects the Grafana Live push endpoint. An authenticated user with access to the Grafana Live API can trigger unbounded memory allocation by sending a large or streaming request body, potentially causing out-of-memory conditions. The available documents describe the vulnerable comp...

CVE-2026-28376

The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a large or streaming request body, potentially leading to out-of-memory conditions. An authenticated user with access to the Grafana Live API can trigger this issue...

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017795)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017795 advisory. The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large...

OESA-2026-2248 golang security update

. Security Fixes: SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.CVE-2026-27140 Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a...

CVE-2026-43287

In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRMIOCTLMODECREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocatin...

GHSA-FPF5-4JW8-67X8 rust-zserio has Unbounded Memory Allocation

Impact When deserializing arrays, strings or bytes blob types zserio first reads the size of the variable, and then allocates sufficient memory to load data. Since the size is always trusted this can be abused by creating a data file with a large size value, causing the zserio runtime to allocate...