8 matches found

OSV
added 2026/05/21 8:38 p.m. · 6 views

GHSA-8RWR-F68V-CVW6 NocoDB: Attachment Size Limit Bypass via Upload-by-URL

Summary: The upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured per-file size limit. Details: The attachments service now checks...

5.3 CVSS · 5.8 AI score
Exploits 0 · References 2
Positive Technologies
added 2026/05/21 12:0 a.m. · 8 views

PT-2026-42608

Summary: The upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE against either the remote file's advertised Content-Length or the decoded length of a data: URI, allowing an authenticated user to bypass the configured per-file size limit. Details: The attachments service now checks NC...

5.3 CVSS · 5.8 AI score
Exploits 0 · References 3
OSV
added 2023/10/24 2:0 a.m. · 28 views

GHSA-3PX7-JM2P-6H2C encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs

Impact: The length of URIs and their various parts (e.g. path segments, query parameters) is usually limited by the web server processing the incoming request. In the case of Puma the defaults are: path segment length: 8192; max URI length: 1024 * 12; max query length: 1024 * 10. See...

7.5 CVSS · 7.3 AI score · 0.00357 EPSS
Exploits 1 · References 5
Github Security Blog
added 2023/10/24 2:0 a.m. · 27 views

encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs

Impact: The length of URIs and their various parts (e.g. path segments, query parameters) is usually limited by the web server processing the incoming request. In the case of Puma the defaults are: path segment length: 8192; max URI length: 1024 * 12; max query length: 1024 * 10. See...

7.5 CVSS · 7.3 AI score · 0.00357 EPSS
Exploits 1 · References 5 · Affected Software 1
Veracode
added 2022/06/29 2:14 a.m. · 22 views

Denial Of Service (DoS)

libgpac.so is vulnerable to denial of service. The vulnerability is a heap-buffer-overflow in the schm_box_read function of box_code_drm.c: the function does not properly check the length of the URI, allowing an attacker to crash the application by providing a maliciously crafted fil...

5.5 CVSS · 3.2 AI score · 0.00272 EPSS
Exploits 1 · References 3 · Affected Software 2
OSV
added 2021/08/19 11:15 a.m. · 0 views

CVE-2021-31226

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to lack of size validation. This vulnerability requires the attacker to send a crafted HTTP POST request with a URI longer than 50 bytes. This leads...

9.8 CVSS · 7.8 AI score
Exploits 0 · References 2
Positive Technologies
added 2018/08/02 12:0 a.m. · 3 views

PT-2018-6268 · Insteon · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012. Description: The issue allows an attacker to send an authenticated HTTP request to trigger a buffer overflow. Specifically, at memory address 0x9d01bb1c, the value for the uri key is copied using strcpy to a buffer at...

9.9 CVSS · 8.6 AI score · 0.00888 EPSS
Exploits 2 · References 3
0day.today
added 2013/06/03 12:0 a.m. · 117 views

Apache Struts includeParams Remote Code Execution

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions prior to 2.3.14.2. A specifically crafted request parameter can be used to inject arbitrary OGNL code into the stack bypassing Struts and OGNL library protections. When targeting an action which...

9.3 CVSS · 8.3 AI score · 0.91096 EPSS
Exploits 11