Lucene search
K

14 matches found

RedHat Linux
RedHat Linux
added 2026/06/11 1:56 p.m.13 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/04 11:37 p.m.8 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/18 11:7 a.m.9 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS7.1AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/09 1:33 a.m.7 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS5.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/05 11:7 a.m.3 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS5.8AI score0.01945EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2026/01/28 7:30 p.m.10 views

CVE-2025-61726

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

7.5CVSS7.3AI score0.01945EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.8 views

TencentOS Server 4: rubygem-rack (TSSA-2025:0410)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0410 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5CVSS7.3AI score0.00911EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 11:42 p.m.17 views

CVE-2025-8849

LibreChat 0.7.9 is affected by a DoS due to unbounded input sizes on /api/memories (parameters key and value). Large inputs trigger a null pointer in the Rust backend, making it impossible to create new memories and destabilizing the service. A remediation suggestion appears in PT-2025-44563: lim...

7.5CVSS6.5AI score0.00313EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/30 11:42 p.m.6 views

CVE-2025-8849 Denial of Service in danny-avila/librechat

LibreChat version 0.7.9 is vulnerable to a Denial of Service DoS attack due to unbounded parameter values in the /api/memories endpoint. The key and value parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessive...

5.4CVSS6.5AI score0.00313EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-36475

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. The calculations performed by mbedtlsmpiexpmod are not limited;...

7.5CVSS7.2AI score0.0197EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/05/28 11:37 p.m.14 views

rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser

A flaw was found in Rack::QueryParser. This vulnerability allows denial of service via oversized HTTP requests containing many parameters, resulting in memory exhaustion that consumes all available memory or CPU resource pinning, which keeps the CPU constantly busy...

7.5CVSS6.7AI score0.00911EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/05/14 2:14 p.m.8 views

rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser

A flaw was found in Rack::QueryParser. This vulnerability allows denial of service via oversized HTTP requests containing many parameters, resulting in memory exhaustion that consumes all available memory or CPU resource pinning, which keeps the CPU constantly busy...

7.5CVSS6.7AI score0.00911EPSS
Exploits0References8
OSV
OSV
added 2025/05/08 12:0 a.m.2 views

UBUNTU-CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...

7.5CVSS6.8AI score0.00911EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/05/07 11:7 p.m.10 views

CVE-2025-46727 Unbounded-Parameter DoS in Rack::QueryParser

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...

7.5CVSS7.4AI score0.00911EPSS
Exploits0References4
Rows per page
Query Builder