457 matches found

NVD | added 4 days ago

CVE-2026-56150

Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...

CVSS 6.5 | EPSS 0.00302 | Exploits 0 | References 1

CVE | added 4 days ago

CVE-2026-56150

CVE-2026-56150 affects Fleet Server and involves Allocation of Resources Without Limits or Throttling (CWE-770) that can cause a Denial of Service via Excessive Allocation. The Elastic/Fleet Server discussion confirms that an attacker could send a crafted request to an upload endpoint to trigger ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00302 | Exploits 0 | References 1

ATTACKERKB | added 4 days ago

CVE-2026-56150

Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...

CVSS 6.5 | AI score 5.8 | EPSS 0.00302 | Exploits 0 | References 2 | Affected software 1

EUVD | added 4 days ago

EUVD-2026-41077

Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...

CVSS 6.5 | AI score 5.8 | EPSS 0.00302 | Exploits 0 | References 1

Cvelist | added 5 days ago

CVE-2026-58170 Vibe-Trading < 0.1.10 - Path Traversal in Proposal Identifier Allows Forging Live Trading Mandates

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization agent/src/live/mandate/commit.py. A proposal identifier containing path traversal sequences causes the application to load an...

CVSS 8.3 | EPSS 0.00416 | Exploits 0 | References 4

CVE | added 5 days ago

CVE-2026-58170

CVE-2026-58170 affects Vibe-Trading

CVSS 8.3 | AI score 5.8 | EPSS 0.00416 | Exploits 0 | References 4

Cvelist | added 5 days ago

CVE-2026-58166 OpenBMB ChatDev - Unauthenticated Path Traversal in Upload Handler Allows Arbitrary File Write and Delete

OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a malicious multipart filename in the file upload endpoint. Attackers can send a crafted filename containing...

CVSS 9.1 | EPSS 0.00628 | Exploits 0 | References 4

EUVD | added 5 days ago

EUVD-2026-40373

OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows unauthenticated remote attackers to write or delete arbitrary files by supplying a malicious multipart filename in the file upload endpoint. Attackers can send a crafted filename containing...

CVSS 9.1 | AI score 6 | EPSS 0.00628 | Exploits 0 | References 4

Cvelist | added 5 days ago

CVE-2026-53691 Remote Code Execution in Redeight CMS

An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application fails to validate file extensions and MIME types, permitting the upload of...

CVSS 8.6 | EPSS 0.00488 | Exploits 0 | References 1

Positive Technologies | added 5 days ago

PT-2026-53921

Name of the Vulnerable Software and Affected Versions Vibe-Trading versions prior to 0.1.10 Description The application constructs the proposal file path by joining a caller-supplied proposal identifier to the broker proposals directory without proper sanitization in the...

CVSS 8.3 | AI score 5.8 | EPSS 0.00416 | Exploits 0 | References 9

EUVD | added 6 days ago

EUVD-2026-40142

Papermark through 0.22.0 contains a cross-origin resource sharing CORS misconfiguration vulnerability that allows unauthenticated remote attackers to perform credentialed cross-origin requests by exploiting the TUS-based viewer upload endpoint reflecting arbitrary request Origins with...

CVSS 4.7 | AI score 6 | EPSS 0.0025 | Exploits 0 | References 3
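The Papermark entry above describes an upload endpoint that reflects any request Origin while allowing credentials. The following is an added example, not Papermark's code, showing why that combination is exploitable, why a substring or suffix check is not a fix, and what an exact-match allowlist looks like. The allowlist, attacker origins and the browser model are constructed for the demo.

```python
"""Added example, not Papermark's code: Origin handling on a credentialed upload
endpoint. The vulnerable form reflects whatever Origin arrives together with
Access-Control-Allow-Credentials: true, which is exactly what lets an attacker's
page make credentialed cross-origin requests and read the reply. Origins and
the allowlist below are constructed."""

ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}  # assumed allowlist


def vulnerable_cors(origin):
    """Reflects the caller's Origin and still allows credentials."""
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def suffix_match_cors(origin):
    """A common wrong fix: a substring test. 'https://evilexample.com' and
    'https://example.com.attacker.test' both pass it."""
    if origin is None or "example.com" not in origin:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def hardened_cors(origin):
    """Exact match of the full origin (scheme, host, port) against the allowlist.
    Unknown origins get no CORS headers at all, so the browser withholds the
    response from the calling page. 'Vary: Origin' stops caches from serving
    one origin's answer to another."""
    if origin is None or origin not in ALLOWED_ORIGINS:
        return {}
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}


def page_can_read(response_headers, page_origin, with_credentials=True):
    """Model of the browser-side CORS decision for a cross-origin fetch."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    if acao is None:
        return False
    if with_credentials:
        # For credentialed requests '*' is not accepted: the page's origin must be
        # echoed exactly and credentials must be explicitly allowed.
        return (acao == page_origin
                and response_headers.get("Access-Control-Allow-Credentials") == "true")
    return acao == "*" or acao == page_origin


def exposure(policy, attacker_origins):
    """Attacker origins that the given policy lets read a credentialed response."""
    return sorted(o for o in attacker_origins if page_can_read(policy(o), o))


# Constructed attacker origins, including the 'null' origin a sandboxed frame sends.
ATTACKERS = ["https://evil.test", "https://evilexample.com",
             "https://example.com.attacker.test", "null"]
```

Run `exposure(vulnerable_cors, ATTACKERS)` against each policy: the reflecting policy exposes every origin, the substring check still exposes two of them, and the exact-match allowlist exposes none. Note that a plain `http://` variant of an allowed host is also rejected, since the scheme is part of the origin.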
EUVD | added 6 days ago

EUVD-2026-40094

The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation gate. Because the configured log format "%(asctime)s - %(name)s - %(levelname)s - %(message)s" renders...

CVSS 6.9 | AI score 5.8 | EPSS 0.00308 | Exploits 0 | References 1
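The entry above combines two defects: a claim is read from a JWT whose signature is never checked, and that claim is written straight into a log line using a newline-free format that the attacker can forge. The following is an added example, not the affected project's code, showing the unverified path beside a hardened one that pins HS256, verifies the MAC in constant time, and escapes control characters before logging. The key, logger name, timestamp and tokens are constructed for the demo.

```python
"""Added example, not the affected project's code: claims read from an unverified
JWT and interpolated into log lines, beside a hardened version that pins HS256,
verifies the MAC, and escapes control characters before logging. Key, record
fields and tokens are constructed."""
import base64
import hashlib
import hmac
import json
import re

DEMO_KEY = b"demo-shared-secret"   # constructed; a real service loads this from a secret store
LOG_FORMAT = "%(asctime)s - %(name)s - %(levelname)s - %(message)s"   # same shape as the format quoted above
FIXED_RECORD = {"asctime": "2026-06-20 12:00:00", "name": "sbom", "levelname": "INFO"}   # constructed


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def make_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Mint a compact JWT. alg='none' yields the unsigned token an attacker would send."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = b64url_encode(hmac.new(key, signing_input, hashlib.sha256).digest()) if alg == "HS256" else ""
    return f"{header}.{payload}.{sig}"


def issuer_unverified(token: str) -> str:
    """Vulnerable pattern: decode the payload and trust `iss` with signature checks disabled."""
    _, payload, _ = token.split(".")
    return json.loads(b64url_decode(payload))["iss"]


def issuer_verified(token: str, key: bytes) -> str:
    """Hardened: fixed algorithm, constant-time MAC check, then read `iss` as a string."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")   # never honour 'none' or a client-chosen algorithm
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    iss = json.loads(b64url_decode(payload_b64)).get("iss")
    if not isinstance(iss, str):
        raise ValueError("iss missing or not a string")
    return iss


def log_safe(value: str, max_len: int = 128) -> str:
    """Escape CR, LF and other control characters so a claim cannot forge extra log records."""
    escaped = re.sub(r"[\x00-\x1f\x7f]", lambda m: "\\x%02x" % ord(m.group()), value)
    return escaped[:max_len]


def vulnerable_log_line(token: str) -> str:
    """Logs the unverified claim verbatim: an embedded newline becomes a second, forged record."""
    return LOG_FORMAT % {**FIXED_RECORD, "message": "upload from issuer " + issuer_unverified(token)}


def hardened_outcome(token: str, key: bytes) -> str:
    """Either one clean log line or 'rejected: <reason>'; nothing from the token is logged unverified."""
    try:
        iss = issuer_verified(token, key)
    except ValueError as exc:   # binascii.Error and JSONDecodeError are ValueError subclasses
        return f"rejected: {exc}"
    return LOG_FORMAT % {**FIXED_RECORD, "message": "upload from issuer " + log_safe(iss)}
```

Mint an unsigned token whose `iss` contains a newline followed by a fake record and pass it to both paths: `vulnerable_log_line` emits two records, the second indistinguishable from a genuine one; `hardened_outcome` rejects the token before anything is logged, and for a properly signed token whose `iss` still carries control characters it logs a single line with `\x0d\x0a` in place of the CRLF.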
NVD | added 6 days ago

CVE-2026-13547

A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue affects some unknown processing of the file /manage/resourceUpload/upload.do. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The...

CVSS 7.5 | EPSS 0.00278 | Exploits 0 | References 5

NVD | added 6 days ago

CVE-2026-13528

A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File...

CVSS 7.5 | EPSS 0.00447 | Exploits 0 | References 8

EUVD | added 6 days ago

EUVD-2026-40025

A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File...

CVSS 7.5 | AI score 6.5 | EPSS 0.00447 | Exploits 0 | References 8
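Several entries above share one root cause: a filename taken from the multipart request is joined onto an upload directory as-is (the ChatDev and ruoyi-vue-pro entries), or stored without any extension check (the Redeight CMS and Hanwang entries). The following is an added example, not code from any of those projects, showing the vulnerable join beside a hardened path builder that strips directory components, allowlists the extension, randomizes the stored name and re-checks containment on the resolved path. The upload root and allowed extensions are assumed values.

```python
"""Added example, not code from any project listed above: the vulnerable
filename join beside a hardened upload path builder. UPLOAD_ROOT and
ALLOWED_EXTENSIONS are assumed values for the demo."""
import os
import posixpath
import re
import secrets
import unicodedata

UPLOAD_ROOT = "/srv/app/uploads"                       # assumed upload directory
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "pdf", "txt"}   # assumed allowlist


def vulnerable_path(upload_root: str, client_filename: str) -> str:
    """Vulnerable pattern: the client-controlled multipart filename is joined unsanitized,
    so '../../etc/passwd' (or a backslash variant) walks out of the upload root."""
    return os.path.join(upload_root, client_filename)


def escapes_root(upload_root: str, path: str) -> bool:
    """True when the resolved path is not inside the resolved upload root."""
    root = os.path.realpath(upload_root)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def sanitize_filename(client_filename: str) -> str:
    """Reduce a client-supplied name to a safe basename; raise if nothing usable survives."""
    name = unicodedata.normalize("NFKC", client_filename)
    name = name.replace("\\", "/")        # treat Windows separators as separators too
    name = posixpath.basename(name)       # drop every directory component, including '..'
    name = name.replace("\x00", "")       # NUL bytes truncate names in C-based stacks
    name = re.sub(r"[^A-Za-z0-9._-]", "_", name)
    name = name.strip("._")               # no hidden files, no leading/trailing dots
    if not name:
        raise ValueError("unusable filename")
    return name[:100]


def extension_allowed(filename: str) -> bool:
    """Decide on the final suffix only: 'shell.png.php' is rejected, 'shell.php.png' is stored
    as an image (serve uploads with a fixed Content-Type and no execution rights)."""
    stem, dot, ext = filename.rpartition(".")
    return bool(dot) and bool(stem) and ext.lower() in ALLOWED_EXTENSIONS


def safe_upload_path(upload_root: str, client_filename: str) -> str:
    """Hardened: sanitized basename, allowlisted extension, random prefix so stored names
    cannot collide or be guessed, then a containment check on the resolved path."""
    safe_name = sanitize_filename(client_filename)
    if not extension_allowed(safe_name):
        raise ValueError(f"extension not allowed: {safe_name!r}")
    stored = f"{secrets.token_hex(8)}_{safe_name}"
    root = os.path.realpath(upload_root)
    final = os.path.realpath(os.path.join(root, stored))
    if os.path.commonpath([root, final]) != root:   # belt and braces; sanitize_filename already prevents this
        raise ValueError("path escapes upload root")
    return final


def outcome(upload_root: str, client_filename: str) -> str:
    """'stored:<path>' or 'rejected:<reason>' for one upload attempt."""
    try:
        return "stored:" + safe_upload_path(upload_root, client_filename)
    except ValueError as exc:
        return f"rejected:{exc}"
```

`escapes_root(UPLOAD_ROOT, vulnerable_path(UPLOAD_ROOT, "../../../etc/passwd"))` is true, which is the whole bug; the same name through `outcome` is stored as `<random>_passwd` only if its extension is allowed, which here it is not. Serving the upload directory with script execution disabled is still required: the allowlist governs what is stored, not how a web server later interprets it.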
OSSF Malicious Packages | added 2026/06/27 7:12 p.m.

Malicious code in ts-ankle (npm)

Source: amazon-inspector 1695e2ffa9252abe1053fc13895a071bd87cb27eb009eeb2262aae1a27da4ea5. On npm install, [email protected] runs a postinstall hook node test.js that executes two hostile flows against the installer's machine without user...

AI score 5.8 | Exploits 0 | References 2

NVD | added 2026/06/23 5:17 p.m.

CVE-2026-55446

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.0.19, an attacker can send a /api/v1/files/upload/ request without any authentication token/cookies and abuse a very long multipart form boundary to make the langflow app unusable for all users for an...

CVSS 7.5 | EPSS 0.00321 | Exploits 1 | References 2
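The Langflow entry above (an over-long multipart boundary that ties up the application for every user) and the Fleet Server entry near the top of this list (excessive memory allocation from a crafted upload request) are both resource-exhaustion bugs in upload handling. The following is an added example, not code from either project, of a pre-parse gate that enforces the RFC 2046 boundary limits, caps the declared and actual body size, and counts parts with a single O(n) scan before any general-purpose multipart parser is allowed to allocate for the body. The caps, header names and sample body are constructed for the demo.

```python
"""Added example, not Fleet Server's or Langflow's code: a pre-parse gate for a
multipart upload endpoint. Caps and the sample request are constructed."""
import io
import re
from email.message import Message

MAX_BODY_BYTES = 16 * 1024 * 1024    # assumed per-request budget
MAX_PARTS = 20                        # assumed cap on parts per request
MAX_BOUNDARY_LEN = 70                 # RFC 2046 section 5.1.1: boundary is 1 to 70 characters
BCHARS = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]+")   # RFC 2046 bchars; must not end in a space


class UploadRejected(Exception):
    pass


def boundary_from_content_type(content_type: str) -> str:
    """Parse the boundary parameter with the stdlib header parser, then check it against RFC 2046."""
    if re.search(r"[\r\n\x00]", content_type):
        raise UploadRejected("control characters in Content-Type")
    msg = Message()
    msg["Content-Type"] = content_type
    if msg.get_content_type() != "multipart/form-data":
        raise UploadRejected("not multipart/form-data")
    boundary = msg.get_param("boundary")
    if boundary is None:
        raise UploadRejected("missing boundary")
    boundary = str(boundary)
    if not 1 <= len(boundary) <= MAX_BOUNDARY_LEN:
        raise UploadRejected(f"boundary length {len(boundary)} outside 1..{MAX_BOUNDARY_LEN}")
    if not BCHARS.fullmatch(boundary) or boundary.endswith(" "):
        raise UploadRejected("boundary contains characters outside RFC 2046 bchars")
    return boundary


def read_bounded(stream, limit: int, chunk: int = 64 * 1024) -> bytes:
    """Read at most `limit` bytes and reject the moment the client sends more, so a
    Content-Length that understates the body cannot make us buffer past the budget."""
    buf = bytearray()
    while True:
        piece = stream.read(min(chunk, limit + 1 - len(buf)))
        if not piece:
            return bytes(buf)
        buf += piece
        if len(buf) > limit:
            raise UploadRejected(f"body exceeds declared/allowed size {limit}")


def gate_upload(headers: dict, stream) -> dict:
    """Cheap header checks first, then one bounded read and an O(n) part count."""
    declared = headers.get("content-length")
    if declared is None or not declared.isdigit():
        raise UploadRejected("Content-Length required")   # assumed policy: no chunked uploads here
    declared = int(declared)
    if declared > MAX_BODY_BYTES:
        raise UploadRejected(f"declared size {declared} exceeds cap {MAX_BODY_BYTES}")
    boundary = boundary_from_content_type(headers.get("content-type", ""))
    body = read_bounded(stream, declared)
    delimiter = b"--" + boundary.encode("ascii")
    occurrences = body.count(delimiter)   # one per part plus the closing delimiter
    if occurrences < 2 or not body.rstrip().endswith(delimiter + b"--"):
        raise UploadRejected("malformed multipart body")
    parts = occurrences - 1
    if parts > MAX_PARTS:
        raise UploadRejected(f"{parts} parts exceeds cap {MAX_PARTS}")
    return {"boundary": boundary, "parts": parts, "bytes": len(body)}


def outcome(headers: dict, body: bytes) -> str:
    """'accepted:<parts>:<bytes>' or 'rejected:<reason>' for an in-memory body."""
    try:
        result = gate_upload(headers, io.BytesIO(body))
    except UploadRejected as exc:
        return f"rejected:{exc}"
    return f"accepted:{result['parts']}:{result['bytes']}"


def build_body(boundary: str, n_parts: int) -> bytes:
    """Construct a well-formed multipart/form-data body with n_parts text fields."""
    delim = ("--" + boundary).encode("ascii")
    out = b""
    for i in range(n_parts):
        out += delim + b"\r\n" + f'Content-Disposition: form-data; name="f{i}"\r\n\r\nv{i}\r\n'.encode("ascii")
    return out + delim + b"--\r\n"


# Constructed sample request: one file part, CRLF line endings as a browser sends them.
SAMPLE_BOUNDARY = "----demo9f1c2"
SAMPLE_BODY = (
    b"------demo9f1c2\r\n"
    b'Content-Disposition: form-data; name="file"; filename="sbom.json"\r\n'
    b"Content-Type: application/json\r\n\r\n"
    b'{"bomFormat": "CycloneDX"}\r\n'
    b"------demo9f1c2--\r\n"
)
SAMPLE_HEADERS = {"content-type": f"multipart/form-data; boundary={SAMPLE_BOUNDARY}",
                  "content-length": str(len(SAMPLE_BODY))}
```

Feed `outcome` the sample request and it is accepted with one part; a 5000-character boundary, a Content-Length that lies about the body, a declared size above the cap, or a body with more parts than the cap are each rejected before the real multipart parser runs. Checking the boundary against the RFC's 70-character limit is cheap and removes the whole class of pathological-delimiter inputs.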
NVD | added 2026/06/21 2:16 p.m.

CVE-2026-56316

Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/ endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers can probe the endpoint without authentication to...

CVSS 6.9 | EPSS 0.00241 | Exploits 0 | References 2

ATTACKERKB | added 2026/06/21 1:26 p.m.

CVE-2026-56316

Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/ endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers can probe the endpoint without authentication to...

CVSS 6.9 | AI score 5.9 | EPSS 0.00241 | Exploits 0 | References 3

CVE | added 2026/06/21 1:26 p.m.

CVE-2026-56316

Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint that allows unauthenticated attackers to enumerate valid builder job IDs by observing response discrepancies. Attackers can probe without authentication to distinguish valid job ...

CVSS 6.9 | AI score 5.9 | EPSS 0.00241 | Exploits 0 | References 2
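The three Cap-go entries above describe an unauthenticated OPTIONS endpoint whose responses differ for valid and invalid job IDs. The following is an added example, not Cap-go's code, modelling such a handler, a probe that turns the discrepancy into an enumeration oracle, and a hardened handler that answers identically for every caller not entitled to know whether a job exists. The job store, IDs and bearer tokens are constructed for the demo.

```python
"""Added example, not Cap-go's code: an OPTIONS handler that leaks job existence,
a probe that enumerates ids from the leak, and a hardened handler. Jobs, ids and
tokens are constructed."""
import hmac

# Constructed state: two live builder jobs owned by different builders, and their tokens.
JOBS = {"a3f9c2e1": "builder-1", "7b10d4ee": "builder-2"}
TOKENS = {"tok-builder-1": "builder-1", "tok-builder-2": "builder-2"}

# Candidate ids an attacker might probe: the two real ones plus guesses.
CANDIDATES = sorted(JOBS) + ["00000000", "deadbeef", "ffffffff", "12345678", "abcdef01"]


def vulnerable_options(job_id, bearer=None):
    """Existence leaks before any auth decision: 204 for a live job, 404 otherwise."""
    if job_id in JOBS:
        return 204, {"Allow": "OPTIONS, PUT", "Cache-Control": "no-store"}, b""
    return 404, {"Content-Type": "application/json"}, b'{"error":"job not found"}'


def _principal(bearer):
    """Constant-time token lookup; returns the builder name or None."""
    if bearer is None:
        return None
    found = None
    for token, who in TOKENS.items():   # compare every token so the loop length is fixed
        if hmac.compare_digest(token.encode(), bearer.encode()):
            found = who
    return found


UNAUTHENTICATED = (401, {"WWW-Authenticate": "Bearer", "Content-Type": "application/json"},
                   b'{"error":"unauthorized"}')
NOT_VISIBLE = (404, {"Content-Type": "application/json"}, b'{"error":"job not found"}')


def hardened_options(job_id, bearer=None):
    """Unauthenticated callers always get the same 401; authenticated callers get the same
    404 for unknown jobs and for jobs they do not own. Only the owner learns a job exists."""
    who = _principal(bearer)
    if who is None:
        return UNAUTHENTICATED
    if JOBS.get(job_id) != who:
        return NOT_VISIBLE
    return 204, {"Allow": "OPTIONS, PUT", "Cache-Control": "no-store"}, b""


def fingerprint(response):
    """Everything observable in a response: status, header set and body."""
    status, headers, body = response
    return (status, tuple(sorted(headers.items())), body)


def enumerate_jobs(handler, candidates, bearer=None):
    """Probe each candidate; the response most candidates receive is the 'does not exist'
    baseline, and any candidate whose response differs is reported as a hit."""
    fps = {c: fingerprint(handler(c, bearer)) for c in candidates}
    counts = {}
    for fp in fps.values():
        counts[fp] = counts.get(fp, 0) + 1
    baseline = max(counts, key=counts.get)
    return sorted(c for c, fp in fps.items() if fp != baseline)
```

`enumerate_jobs(vulnerable_options, CANDIDATES)` recovers both real IDs with no credentials; against `hardened_options` it recovers nothing, and even an authenticated builder only distinguishes jobs they own. Status, headers and body all have to be identical for the non-owner cases; the probe deliberately compares all three, since a differing `Allow` header or body length is as good an oracle as a differing status code. Response timing is a separate channel this example does not address.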