Lucene search
K

4 matches found

NVD
NVD
added 2026/06/22 6:16 p.m.16 views

CVE-2026-53538

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...

3.7CVSS0.00176EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/19 12:44 p.m.5 views

Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing

Summary Salvo's form data parsing implementations formdata method and Extractible macro do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory OOM conditions by sending extremely large payloads, leading to service crashes and...

8.7CVSS5.7AI score0.00437EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2024/11/01 4:16 p.m.42 views

CVE-2024-49770 oak's path traversal allows transfer of hidden files within the served root directory

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default oak does not allow transferring of hidden files with Context.send API. However, prior to version 17.1.3, this can be bypassed by encoding / as its URL encoded...

8.7CVSS0.00682EPSS
Exploits0References4
Snyk
Snyk
added 2022/11/03 12:41 p.m.3 views

Denial of Service (DoS)

Overview vapor/vapor is an a server-side Swift HTTP web framework. Affected versions of this package are vulnerable to Denial of Service DoS via URLEncodedFormDecoder. When using automatic content decoding, an attacker can craft a request body that can make the server crash. Details Denial of...

7.5CVSS7.1AI score0.0149EPSS
Exploits1References2
Rows per page
Query Builder