Lucene search
+L

968 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.19 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python3 (SUSE-SU-2026:1715-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1715-1 advisory. - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined...

9.1CVSS6.9AI score0.00621EPSS
Exploits1References31
CBLMariner
CBLMariner
added 2026/05/09 3:31 a.m.10 views

CVE-2026-40386 affecting package libexif for versions less than 0.6.24-3

CVE-2026-40386 affecting package libexif for versions less than 0.6.24-3. A patched version of the package is available...

7.1CVSS5.8AI score0.0014EPSS
Exploits0
EUVD
EUVD
added 2026/05/08 6:31 p.m.14 views

EUVD-2026-28802

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, aseHttpRequestHandler.gettemproot, BaseHttpRequestHandler.post components...

9.8CVSS6.2AI score0.05982EPSS
Exploits4References7
vulnersOsv
vulnersOsv
added 2026/05/08 6:31 p.m.8 views

aurora-cycler-manager (>=0.10.0 <=0.11.4), fusion-tools (>=3.6.19 <=3.6.90) +9 more potentially affected by CVE-2026-38360 via dash-uploader (>=0.6.0 <=0.7.0a2)

dash-uploader PYPI version =0.6.0, =0.10.0, =3.6.19, =0.0.11, =0.0.30, =0.2.4b0, =0.0.50.0, =0.1.7.3, =2.0.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38360 Source advisory: OSV:GHSA-3RF6-X59V-5JFV...

9.8CVSS7.2AI score0.05982EPSS
Exploits4
Github Security Blog
Github Security Blog
added 2026/05/08 6:31 p.m.10 views

dash-uploader has a directory traversal vulnerability

Impact An unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dashuploader/httprequesthandler.py reads three form parameters uploadid, resumableFilename, resumableIdentifier from request.form.get and passes the...

9.8CVSS6AI score0.05982EPSS
Exploits4References8Affected Software1
OSV
OSV
added 2026/05/08 6:31 p.m.9 views

GHSA-3RF6-X59V-5JFV dash-uploader has a directory traversal vulnerability

Impact An unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dashuploader/httprequesthandler.py reads three form parameters uploadid, resumableFilename, resumableIdentifier from request.form.get and passes the...

9.8CVSS6AI score0.05982EPSS
Exploits4References8
vulnersOsv
vulnersOsv
added 2026/05/08 6:28 p.m.10 views

aurora-cycler-manager (>=0.10.0 <=0.11.4), fusion-tools (>=3.6.19 <=3.6.90) +9 more potentially affected by CVE-2026-38360 via dash-uploader (>=0.6.0 <=0.7.0a2)

dash-uploader PYPI version =0.6.0, =0.10.0, =3.6.19, =0.0.11, =0.0.30, =0.2.4b0, =0.0.50.0, =0.1.7.3, =2.0.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38360 Source advisory: SNYK:PYTHON-DASHUPLOADER-16635838...

9.8CVSS7.2AI score0.05982EPSS
Exploits4
Snyk
Snyk
added 2026/05/08 6:28 p.m.7 views

Directory Traversal

Overview dash-uploader is an Upload large files using resumable.js Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied input in the gettemproot and post functions. An attacker can gain unauthorized access to files and execute arbitrary...

9.8CVSS6.5AI score0.05982EPSS
Exploits4References2
NVD
NVD
added 2026/05/08 5:16 p.m.15 views

CVE-2026-38360

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, BaseHttpRequestHandler.gettemproot, BaseHttpRequestHandler.post components...

9.8CVSS0.05982EPSS
Exploits4References8
vulnersOsv
vulnersOsv
added 2026/05/08 4:31 p.m.11 views

aurora-cycler-manager (>=0.10.0 <=0.11.4), fusion-tools (>=3.6.19 <=3.6.90) +9 more potentially affected by CVE-2026-38361 via dash-uploader (>=0.6.0 <=0.7.0a2)

dash-uploader PYPI version =0.6.0, =0.10.0, =3.6.19, =0.0.11, =0.0.30, =0.2.4b0, =0.0.50.0, =0.1.7.3, =2.0.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38361 Source advisory: SNYK:PYTHON-DASHUPLOADER-16635848...

7.5CVSS7AI score0.02643EPSS
Exploits5
Snyk
Snyk
added 2026/05/08 4:31 p.m.9 views

Arbitrary Code Injection

Overview dash-uploader is an Upload large files using resumable.js Affected versions of this package are vulnerable to Arbitrary Code Injection via improper handling of the Upload function and the maxfilesize parameter in the affected components. An attacker can execute arbitrary code remotely by...

9.2CVSS6.2AI score0.02643EPSS
Exploits5References2
EUVD
EUVD
added 2026/05/08 3:31 p.m.9 views

EUVD-2026-28645

An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, dashuploader/upload.py in the Upload function and maxfilesize parameter, dashuploader/configureupload.py components...

7.5CVSS6.2AI score0.02643EPSS
Exploits5References10
vulnersOsv
vulnersOsv
added 2026/05/08 3:16 p.m.9 views

aurora-cycler-manager (=0.11.4), fusion-tools (>=3.6.19 <=3.6.90) +7 more potentially affected by CVE-2026-38361 via dash-uploader (>=0.6.0 <=0.6.1)

dash-uploader PYPI version =0.6.0, =3.6.19, =0.0.11, =0.0.30, =0.0.50.0, =0.2.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38361 Source advisory: OSV:PYSEC-2026-37...

7.5CVSS7AI score0.02643EPSS
Exploits5
PyPA
PyPA
added 2026/05/08 3:16 p.m.25 views

PYSEC-2026-37

An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, dashuploader/upload.py in the Upload function and maxfilesize parameter, dashuploader/configureupload.py components...

7.5CVSS6.2AI score0.02643EPSS
Exploits5References9Affected Software1
NVD
NVD
added 2026/05/08 3:16 p.m.10 views

CVE-2026-38361

Multiple unauthenticated denial-of-service DoS issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-upload handler dashuploader/httprequesthandler.py, dashuploader/upload.py trusts unsanitized, attacker-controlled upload parameters e.g. flowTotalChunks and does not enforce the...

7.5CVSS0.02643EPSS
Exploits5References11
OSV
OSV
added 2026/05/08 3:16 p.m.6 views

PYSEC-2026-37

An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, dashuploader/upload.py in the Upload function and maxfilesize parameter, dashuploader/configureupload.py components...

7.5CVSS6.2AI score0.02643EPSS
Exploits5References9
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

dash-uploader 路径遍历漏洞

dash-uploader is a file upload component developed by Niko Föhr for Dash applications. Versions 0.1.0 to 0.7.0a2 of dash-uploader contain a path traversal vulnerability. This vulnerability stems from directory traversal in the dashUploader/httpRequestHandler.py, BaseHttpRequestHandler.getTempRoot...

9.8CVSS6.1AI score0.05982EPSS
Exploits4References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

dash-uploader 资源管理错误漏洞

dash-uploader is a file upload component developed by Niko Föhr for Dash applications. Versions 0.1.0 to 0.7.0a2 of dash-uploader contain resource management vulnerabilities. These vulnerabilities originate from the Upload function in dashuploader/httprequesthandler.py, the maxfilesize parameter ...

7.5CVSS6.1AI score0.02643EPSS
Exploits5References1
Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.9 views

CVE-2026-38360

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, BaseHttpRequestHandler.gettemproot, BaseHttpRequestHandler.post components...

6AI score0.05982EPSS
Exploits4References8
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39009

Name of the Vulnerable Software and Affected Versions fohrloop dash-uploader versions 0.1.0 through 0.7.0a2 Description A remote attacker can execute arbitrary code through the Upload function and the max file size parameter within the dash uploader/httprequesthandler.py, dash uploader/upload.py,...

7.8CVSS6.1AI score0.02643EPSS
Exploits5References17
Rows per page
Query Builder