
20 matches found

IBM Security Bulletins
added 2026/06/17 12:16 p.m. | 9 views

Security Bulletin: Vulnerability in Python-Multipart bundled with IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage

Summary: IBM Fusion Content-Aware Storage includes the python-multipart library, which is susceptible to a Path Traversal vulnerability. This flaw exists when specific non-default configuration options, such as UPLOAD_KEEP_FILENAME=True, are utilized. A remote attacker could exploit this vulnerabili...

8.6 CVSS | 5.7 AI score | 0.02228 EPSS
Exploits: 5 | Affected Software: 2

Packet Storm
added 2026/06/09 12:0 a.m. | 53 views

📄 Python-Multipart Path Traversal / Arbitrary File Write

Proof of concept that leverages a path traversal vulnerability in Python-Multipart versions prior to 0.0.22 to achieve an arbitrary file write. | Title :...

8.6 CVSS | 6.6 AI score | 0.02228 EPSS
Exploits: 5

IBM Security Bulletins
added 2026/05/18 7:0 a.m. | 18 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary: Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.2. Vulnerability Details: CVEID: CVE-2025-55132. DESCRIPTION: A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even...

9.8 CVSS | 8 AI score | 0.47621 EPSS
Exploits: 14 | Affected Software: 1

Packet Storm
added 2026/05/05 12:0 a.m. | 67 views

📄 Python-Multipart 0.0.22 Path Traversal

Python-Multipart version 0.0.22 suffers from a path traversal vulnerability. Exploit Title: Python-Multipart 0.0.22 - Path Traversal Date: 2026-02-23 Exploit Author: cardosource Vendor Homepage: https://github.com/Kludex/python-multipart Software Link: https://pypi.org/project/python-multipart/...

8.6 CVSS | 6.7 AI score | 0.02228 EPSS
Exploits: 5

IBM Security Bulletins
added 2026/04/10 8:27 a.m. | 4 views

Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in python_multipart

Summary: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in python_multipart. CVE-2026-24486 vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2026-24486. DESCRIPTION: Python-Multipart is a streaming multipart parser for Python. Prior to version...

8.6 CVSS | 6.7 AI score | 0.02228 EPSS
Exploits: 5 | Affected Software: 1

OpenVAS
added 2026/02/05 12:0 a.m. | 6 views

SUSE: Security Advisory (SUSE-SU-2026:20188-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS | 5.4 AI score | 0.02228 EPSS
Exploits: 5 | References: 4

OpenVAS
added 2026/02/04 12:0 a.m. | 7 views

Fedora: Security Advisory (FEDORA-2026-08c12edc84)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS | 5.4 AI score | 0.02228 EPSS
Exploits: 5 | References: 6

Tenable Nessus
added 2026/02/04 12:0 a.m. | 7 views

Fedora 43 : python-python-multipart (2026-08c12edc84)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-08c12edc84 advisory. Security fix for CVE-2026-24486 / GHSA-wp53-j4wj-2cfg. ---- 0.0.22 2026-01-25 Drop directory path from filename in File Tenable has extracted the preceding...

8.6 CVSS | 5.5 AI score | 0.02228 EPSS
Exploits: 5 | References: 2

Tenable Nessus
added 2026/02/04 12:0 a.m. | 6 views

Fedora 42 : python-python-multipart (2026-720b8d0c6c)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-720b8d0c6c advisory. Security fix for CVE-2026-24486 / GHSA-wp53-j4wj-2cfg. ---- 0.0.22 2026-01-25 Drop directory path from filename in File Tenable has extracted the preceding...

8.6 CVSS | 5.5 AI score | 0.02228 EPSS
Exploits: 5 | References: 2

OpenVAS
added 2026/01/29 12:0 a.m. | 5 views

openSUSE Security Advisory (SUSE-SU-2026:0307-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS | 5.4 AI score | 0.02228 EPSS
Exploits: 5 | References: 4

OSV
added 2026/01/28 4:3 p.m. | 8 views

SUSE-SU-2026:20188-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal (bsc#1257301)...

8.6 CVSS | 5.8 AI score | 0.02228 EPSS
Exploits: 5 | References: 3

Wolfi
added 2026/01/28 7:49 a.m. | 6 views

CVE-2026-24486 vulnerabilities

Vulnerabilities for packages: reflex, open-webui, semgrep, airflow...

8.6 CVSS | 6.7 AI score | 0.02228 EPSS
Exploits: 5

SUSE Linux
added 2026/01/27 4:37 p.m. | 5 views

Security update for python-python-multipart

This update for python-python-multipart fixes the following issues: CVE-2026-24486: Fixed non-default configuration options can lead to path traversal (bsc#1257301). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

8.8 CVSS | 5.9 AI score | 0.02228 EPSS
Exploits: 5 | References: 4

OSV
added 2026/01/27 4:36 p.m. | 3 views

SUSE-SU-2026:0307-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal (bsc#1257301)...

8.6 CVSS | 5.8 AI score | 0.02228 EPSS
Exploits: 5 | References: 3

RedhatCVE
added 2026/01/27 3:5 p.m. | 12 views

CVE-2026-24486

A flaw was found in Python-Multipart, a tool for parsing multipart form data in Python applications. This vulnerability, known as path traversal, allows a remote attacker to write uploaded files to any location on the server's file system. This exploitation occurs when specific non-default...

8.6 CVSS | 5.9 AI score | 0.02228 EPSS
Exploits: 5 | References: 6

Circl
added 2026/01/27 1:31 a.m. | 8 views

CVE-2026-24486

creationtimestamp | type | source
---|---|---
2026-01-27 01:31:44+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mdemf2mwlf23
2026-01-27 03:20:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdesgpzcui2i
2026-04-30 10:01:08+00:00 | seen | ...

8.6 CVSS | 6.5 AI score | 0.02228 EPSS
Exploits: 5 | References: 3

Cvelist
added 2026/01/27 12:34 a.m. | 43 views

CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

8.6 CVSS | 0.02228 EPSS
Exploits: 5 | References: 3

UbuntuCve
added 2026/01/27 12:0 a.m. | 5 views

CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

8.6 CVSS | 6.7 AI score | 0.02228 EPSS
Exploits: 5 | References: 6

vulnersOsv
added 2026/01/26 11:28 p.m. | 9 views

10xscale-agentflow-cli (=0.1.5), admin-api-lib (>=3.2.0 <=3.4.0) +440 more potentially affected by CVE-2026-24486 via python-multipart (>=0.0.10 <=0.0.21)

python-multipart PYPI version =0.0.10, =3.2.0, =0.8.2.4, =0.1.0, =1.0.202504142220, =0.1.0, =0.4.0, =0.4.0, =0.1.0, =0.4.0, =1.6.21, =0.1.1, =0.1.0, =0.1.13 and more Source cves: CVE-2026-24486 Source advisory: OSV:GHSA-WP53-J4WJ-2CFG...

8.6 CVSS | 6.5 AI score | 0.02228 EPSS
Exploits: 5

vulnersOsv
added 2026/01/26 11:28 p.m. | 6 views

10xscale-agentflow-cli (=0.1.5), admin-api-lib (>=3.2.0 <=3.4.0) +440 more potentially affected by CVE-2026-24486 via python-multipart (>=0.0.10 <=0.0.21)

python-multipart PYPI version =0.0.10, =3.2.0, =0.8.2.4, =0.1.0, =1.0.202504142220, =0.1.0, =0.4.0, =0.4.0, =0.1.0, =0.4.0, =1.6.21, =0.1.1, =0.1.0, =0.1.13 and more Source cves: CVE-2026-24486 Source advisory: SNYK:PYTHON-PYTHONMULTIPART-15117506...

8.6 CVSS | 6.5 AI score | 0.02228 EPSS
Exploits: 5