Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

Curl 8.16.0 < 8.21.0 WebSocket Auto-PONG Memory Exhaustion

The version of curl installed on the remote host is 8.16.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - Because curl lacks an upper bound on memory allocation for unacknowledged WebSocket frames, a malicious server can exhaust all available memory by floodin...

7.5CVSS5.8AI score0.00609EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/07 3:43 a.m.14 views

Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion

Summary A single unauthenticated WebSocket client can exhaust server memory in any Bandit-fronted application that accepts WebSocket connections. The fragmented-message reassembly path appends every Continuationfin: false frame's payload to a per-connection iolist with no cumulative size cap, so ...

8.7CVSS5.8AI score0.00549EPSS
Exploits0References6Affected Software1
Amazon
Amazon
added 2026/04/01 12:0 a.m.6 views

Important: nodejs20

Issue Overview: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted:...

9.8CVSS7.2AI score0.0115EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-0072

Malware in sbrugna...

5.3CVSS6.4AI score0.01807EPSS
Exploits0References15
Rows per page
Query Builder