Lucene search
K

15 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 12:16 p.m.9 views

Security Bulletin: Vulnerability in Python-Multipart bundled with IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage

Summary IBM Fusion Content-Aware Storage includes the python-multipart library, which is susceptible to a Path Traversal vulnerability. This flaw exists when specific non-default configuration options, such as UPLOADKEEPFILENAME=True, are utilized. A remote attacker could exploit this vulnerabili...

8.6CVSS5.7AI score0.02228EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/18 7:0 a.m.19 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.2 Vulnerability Details CVEID:CVE-2025-55132 DESCRIPTION: A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even...

9.8CVSS8AI score0.47621EPSS
Exploits14Affected Software1
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.70 views

📄 Python-Multipart 0.0.22 Path Traversal

Python-Multipart version 0.0.22 suffers from a path traversal vulnerability. Exploit Title: Python-Multipart 0.0.22 - Path Traversal Date: 2026-02-23 Exploit Author: cardosource Vendor Homepage: https://github.com/Kludex/python-multipart Software Link: https://pypi.org/project/python-multipart/...

8.6CVSS6.7AI score0.02228EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 8:27 a.m.4 views

Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in python_multipart

Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in pythonmultipart. CVE-2026-24486 vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-24486 DESCRIPTION: Python-Multipart is a streaming multipart parser for Python. Prior to version...

8.6CVSS6.7AI score0.02228EPSS
Exploits5Affected Software1
OpenVAS
OpenVAS
added 2026/02/05 12:0 a.m.6 views

SUSE: Security Advisory (SUSE-SU-2026:20188-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS5.4AI score0.02228EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.8 views

Fedora 43 : python-python-multipart (2026-08c12edc84)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-08c12edc84 advisory. Security fix for CVE-2026-24486 / GHSA- wp53-j4wj-2cfg. ---- 0.0.22 2026-01-25 Drop directory path from filename in File Tenable has extracted the preceding...

8.6CVSS5.5AI score0.02228EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2026/02/04 12:0 a.m.7 views

Fedora: Security Advisory (FEDORA-2026-08c12edc84)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS5.4AI score0.02228EPSS
Exploits5References6
OpenVAS
OpenVAS
added 2026/01/29 12:0 a.m.5 views

openSUSE Security Advisory (SUSE-SU-2026:0307-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS5.4AI score0.02228EPSS
Exploits5References4
OSV
OSV
added 2026/01/28 4:3 p.m.8 views

SUSE-SU-2026:20188-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301...

8.6CVSS5.8AI score0.02228EPSS
Exploits5References3
Wolfi
Wolfi
added 2026/01/28 7:49 a.m.6 views

CVE-2026-24486 vulnerabilities

Vulnerabilities for packages: reflex, open-webui, semgrep, airflow...

8.6CVSS6.7AI score0.02228EPSS
Exploits5
SUSE Linux
SUSE Linux
added 2026/01/27 4:37 p.m.5 views

Security update for python-python-multipart

This update for python-python-multipart fixes the following issues: CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

8.8CVSS5.9AI score0.02228EPSS
Exploits5References4
OSV
OSV
added 2026/01/27 4:36 p.m.3 views

SUSE-SU-2026:0307-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal bsc1257301...

8.6CVSS5.8AI score0.02228EPSS
Exploits5References3
RedhatCVE
RedhatCVE
added 2026/01/27 3:5 p.m.12 views

CVE-2026-24486

A flaw was found in Python-Multipart, a tool for parsing multipart form data in Python applications. This vulnerability, known as path traversal, allows a remote attacker to write uploaded files to any location on the server's file system. This exploitation occurs when specific non-default...

8.6CVSS5.9AI score0.02228EPSS
Exploits5References6
Cvelist
Cvelist
added 2026/01/27 12:34 a.m.44 views

CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

8.6CVSS0.02228EPSS
Exploits5References3
UbuntuCve
UbuntuCve
added 2026/01/27 12:0 a.m.5 views

CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOADDIR and UPLOADKEEPFILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

8.6CVSS6.7AI score0.02228EPSS
Exploits5References6
Rows per page
Query Builder