
575 matches found

CVE
added 2025/04/22 5:45 p.m. · 54 views

CVE-2025-32959

CVE-2025-32959 affects CUBA Platform: before 7.2.23 the local file storage does not restrict uploaded file sizes, allowing an attacker to exhaust server disk space and cause HTTP 500 DoS. The issue is fixed in 7.2.23; a workaround is documented in Jmix files vulnerability guidance. Applied mitiga...

CVSS 6.5 · AI score 6.3 · EPSS 0.00158
Exploits 0 · References 5
Cvelist
added 2025/04/22 5:45 p.m. · 16 views

CVE-2025-32959 CUBA Vulnerable to Denial of Service (DoS) in the File Storage

CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run...

CVSS 6.5 · EPSS 0.00158
Exploits 0 · References 5
CVE
added 2025/04/22 5:32 p.m. · 56 views

CVE-2025-32952

CVE-2025-32952 affects Jmix local file storage (io.jmix.localfs:jmix-localfs) across Jmix 1.x and 2.x releases: versions 1.0.0–1.6.1 and 2.0.0–2.3.4 fail to enforce file size limits on uploads, enabling an attacker to upload excessively large files and potentially exhaust server disk space, c...

CVSS 6.5 · AI score 6.3 · EPSS 0.00347
Exploits 0 · References 9 · Affected Software 4
Cvelist
added 2025/04/22 5:32 p.m. · 14 views

CVE-2025-32952 io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...

CVSS 6.5 · EPSS 0.00347
Exploits 0 · References 9
Vulnrichment
added 2025/04/22 5:32 p.m. · 3 views

CVE-2025-32952 io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...

CVSS 6.5 · AI score 6.9 · EPSS 0.00347
Exploits 0 · References 9
Vulnrichment
added 2025/04/22 5:14 p.m. · 2 views

CVE-2025-32950 io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...

CVSS 6.5 · AI score 7 · EPSS 0.00536
Exploits 0 · References 9
CVE
added 2025/04/22 5:14 p.m. · 55 views

CVE-2025-32950

Summary (CVE-2025-32950): Jmix (v1.0.0–v1.6.1 and v2.0.0–v2.3.4) is vulnerable to path traversal via the FileRef parameter. An attacker could read arbitrary files on the host if the application server has sufficient permissions, by modifying FileRef in the database or by supplying a crafted value...

CVSS 6.5 · AI score 6.3 · EPSS 0.00536
Exploits 0 · References 9 · Affected Software 1
Cvelist
added 2025/04/22 5:14 p.m. · 11 views

CVE-2025-32950 io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...

CVSS 6.5 · EPSS 0.00536
Exploits 0 · References 9
OSV
added 2025/04/22 4:57 p.m. · 5 views

GHSA-W3MP-6VRJ-875G Cuba has a DoS in the File Storage

Impact: The local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. The severity of the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00158
Exploits 0 · References 7
Github Security Blog
added 2025/04/22 4:57 p.m. · 7 views

Cuba has a DoS in the File Storage

Impact: The local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. The severity of the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00158
Exploits 0 · References 7 · Affected Software 1
Github Security Blog
added 2025/04/22 4:55 p.m. · 8 views

io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Impact: The local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. The severity of the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00347
Exploits 0 · References 11 · Affected Software 1
OSV
added 2025/04/22 4:55 p.m. · 5 views

GHSA-F3GV-CWWH-758M io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Impact: The local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. The severity of the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00347
Exploits 0 · References 11
OSV
added 2025/04/22 4:50 p.m. · 6 views

GHSA-JX4G-3XQM-62VH io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Impact: Attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the FileRef directly in the database or by supplying a harmful...

CVSS 6.5 · AI score 6.6 · EPSS 0.00536
Exploits 0 · References 11
Github Security Blog
added 2025/04/22 4:50 p.m. · 14 views

io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Impact: Attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the FileRef directly in the database or by supplying a harmful...

CVSS 6.5 · AI score 6.6 · EPSS 0.00536
Exploits 0 · References 11 · Affected Software 1
Positive Technologies
added 2025/04/22 12:0 a.m. · 3 views

PT-2025-17575 · Unknown · Cuba Platform

Name of the Vulnerable Software and Affected Versions: CUBA Platform versions prior to 7.2.23 Description: The local file storage implementation in CUBA Platform does not restrict the size of uploaded files, allowing an attacker to upload excessively large files. This could cause the server to ru...

CVSS 6.5 · AI score 6 · EPSS 0.00347
Exploits 0 · References 23
Positive Technologies
added 2025/04/22 12:0 a.m. · 3 views

PT-2025-17574

Name of the Vulnerable Software and Affected Versions: Jmix versions 1.0.0 through 1.6.1; Jmix versions 2.0.0 through 2.3.4. Description: The local file storage implementation in Jmix does not restrict the size of uploaded files, allowing an attacker to upload excessively large files and potentially...

CVSS 6.8 · AI score 6.5 · EPSS 0.00347
Exploits 0 · References 20
BDU FSTEC
added 2025/04/07 12:0 a.m. · 2 views

A vulnerability in the webapi component of Synology Drive Server, cloud software for file storage, synchronization, and sharing, allows an attacker to gain unauthorized access to protected information.

The vulnerability in the webapi component of Synology Drive Server, cloud software for file storage, synchronization, and sharing, stems from missing authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthoriz...

CVSS 7.8 · AI score 7.2 · EPSS 0.03018
Exploits 0 · References 2 · Affected Software 1
RedhatCVE
added 2025/04/02 5:31 a.m. · 8 views

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...

CVSS 7.5 · AI score 7.5 · EPSS 0.0071
Exploits 0 · References 1
NVD
added 2025/03/31 5:15 a.m. · 20 views

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...

CVSS 7.5 · EPSS 0.0071
Exploits 0 · References 3
OSV
added 2025/03/31 5:15 a.m. · 3 views

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...

CVSS 7.5 · AI score 6
Exploits 0 · References 3