22 matches found
PT-2026-50598
Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.9.1 Description: Unauthenticated users with network access can upload unlimited amounts of data to the server, which can lead to disk space exhaustion and a subsequent denial-of-service. Additionally, the server lea...
GHSA-7RP8-R62P-Q6WC `melange update-cache` has unbounded HTTP download that can exhaust disk in CI
melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP client timeout (pkg/renovate/cache/cache.go). An attacker-controlled URI in a melange config can cause unbounded disk writes, exhausting disk on the build runner. Affected versions = 0.40.5. Fix: Merge...
EUVD-2019-9452
Malware in sbrugna...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to unlimited data accumulation due to the Netty package (CVE-2024-29025)
Summary: Netty is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details: CVEID: CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...
The vulnerability of the HTTP server in the Node.js software platform allows attackers to circumvent security restrictions and cause service failures.
The vulnerability of the HTTP server in the Node.js software platform is related to uncontrolled resource consumption caused by reading an unlimited number of bytes from a single connection when processing HTTP requests with fragmented encoding. Exploiting this vulnerability allows a remote...
procps buffer error vulnerability
procps is the procps-ng open source command line and full screen utility for browsing procfs. A security vulnerability exists in procps that stems from allowing a user with the right to run the procps program on a computer to write a virtually unlimited amount of unfiltered data to the process he...
CVE-2023-24603
OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data...
PT-2023-19705 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev37 Description: The issue concerns a lack of size limit checks when downloading data, potentially allowing a crafted iCal feed to provide an unlimited amount of data. This could be exploited, for...
Wa-Tunnel - Tunneling Internet Traffic Over Whatsapp
This is a Baileys based piece of code that lets you tunnel TCP data through two Whatsapp accounts. This can be usable in different situations, for example network carriers that give unlimited whatsapp data or airplanes where you also get unlimited social network data. It's using Baileys since it'...
SUSE CVE-2020-8293
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules...
DEBIAN-CVE-2022-36114
Cargo is a package manager for the Rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size also known as a...
OpenZeppelin resource management error vulnerability
OpenZeppelin is a software application. A standard for secure blockchain applications. A resource management error vulnerability exists in versions prior to OpenZeppelin Contracts v4.7.2, which stems from the fact that this is a library for secure smart contract development, and the target contra...
CVE-2020-8293
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules...
Input validation
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules...
PT-2021-12722 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.2 Nextcloud Server versions prior to 19.0.5 Nextcloud Server versions prior to 18.0.11 Description: A missing input validation in Nextcloud Server allows users to store unlimited data in workflow rules,...
CVE-2019-19859
An issue was discovered in Serpico aka SimplE RePort wrIting and CollaboratiOn tool 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anything in the database...
Serpico Input Validation Error Vulnerability
Serpico is a penetration test report generation and collaboration tool. An input validation error vulnerability exists in Serpico version 1.3.0, which arises from a networked system or product that does not properly validate incoming data and can be exploited by an attacker to add an unlimited...
See how I found to Have a cloud storage platform session mechanisms of vulnerability-vulnerability warning-the black bar safety net
Recently in contrast to cloud storage solutions, I was surprised to find that many companies are still offering unlimited cloud data storage service solution, like Have the company that such note and don't Have a format specification confusion, and Have the company designed for individuals,...