CVE-2026-5766

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

PT-2025-41013

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.19 Rack versions prior to 3.1.17 Rack versions prior to 3.2.2 Description Rack is a modular Ruby web server interface. The Rack::Multipart::Parser component stores non-file form fields in memory as Ruby String object...

BIT-TYPO3-2022-23500

TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page...

Denial of Service in Page Error Handling

Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack...