
17 matches found

Cvelist · added 2026/05/05 2:49 p.m. · 30 views

CVE-2026-5766 Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

CVSS 6.3 · EPSS 0.00423
Exploits 0 · References 3
Vulnrichment · added 2026/05/05 2:49 p.m. · 9 views

CVE-2026-5766 Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

CVSS 6.3 · AI score 5.8 · EPSS 0.00423
Exploits 0 · References 3
CVE · added 2026/05/05 2:49 p.m. · 21 views

CVE-2026-5766

CVE-2026-5766 affects Django 6.0 before 6.0.5 and 5.2 before 5.2.14. An ASGI request with a missing or understated Content-Length can bypass FILE_UPLOAD_MAX_MEMORY_SIZE, potentially loading large files into memory and degrading service. The issue is mitigated by applying the patched releases (6.0...

CVSS 6.3 · AI score 5.8 · EPSS 0.00423
Exploits 0 · References 3 · Affected Software 1
CNNVD · added 2026/05/05 12:00 a.m. · 8 views

Django security vulnerability

Django is an open-source web framework based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, a view system, and a template system. Versions of Django prior to 6.0.5 and 5.2.14 contained security vulnerabilities. These vulnerabilities...

CVSS 6.3 · AI score 5.8 · EPSS 0.00423
Exploits 0 · References 1
Tenable Nessus · added 2025/07/10 12:00 a.m. · 7 views

Apache Tomcat 9.0.0.M1 < 9.0.107 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 9.0.107. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat9.0.107security-9 advisory. - The vulnerability exists due to overflow in file upload limit. A remote attacker can send specially...

CVSS 7.5 · AI score 8.5 · EPSS 0.0196
Exploits 0 · References 7
CNNVD · added 2025/06/11 12:00 a.m. · 1 view

VirtueMart code issue vulnerability

VirtueMart is an open source e-commerce application from VirtueMart, Inc. designed to be used as an extension to Mambo or Joomla! VirtueMart suffers from a code issue vulnerability that stems from an insufficient file upload limit that could lead to remote code execution...

CVSS 7.2 · AI score 7.9 · EPSS 0.0069
Exploits 0 · References 1
RedhatCVE · added 2025/05/23 12:34 a.m. · 8 views

CVE-2022-4111

Unrestricted file size limit can lead to DoS in tooljet/tooljet 1.27 by allowing a logged in attacker to upload profile pictures over 2MB...

CVSS 6.5 · AI score 6.8 · EPSS 0.00753
Exploits 1 · References 1
RedhatCVE · added 2025/05/18 3:02 p.m. · 6 views

CVE-2025-47793

Nextcloud Server is a self hosted personal cloud system, and the Nextcloud Groupfolders app provides admin-configured folders shared by everyone in a group or team. In Nextcloud Server prior to 30.0.2, 29.0.9, and 28.0.1, Nextcloud Enterprise Server prior to 30.0.2 and 29.0.9, and Nextcloud...

CVSS 6.5 · AI score 6.8 · EPSS 0.00662
Exploits 0 · References 1
CNNVD · added 2025/05/06 12:00 a.m. · 2 views

Tcman Gim code issue vulnerability

Tcman Gim is a facility management software from Tcman Spain designed for use on mobile devices. A code issue vulnerability exists in Tcman Gim version v11, which stems from an insufficient file upload limit and could lead to remote code execution...

CVSS 9.8 · AI score 7.9 · EPSS 0.00588
Exploits 0 · References 1
Positive Technologies · added 2025/03/20 12:00 a.m. · 3 views

PT-2025-12203 · Unknown · Imartinez/Privategpt

Name of the Vulnerable Software and Affected Versions: imartinez/privategpt version 0.5.0 Description: A Denial of Service DOS attack can be performed by appending a large number of characters to the end of a multipart boundary when uploading a file. This leads to uncontrolled resource consumptio...

CVSS 7.5 · AI score 7.4 · EPSS 0.00588
Exploits 1 · References 5
CNNVD · added 2024/12/16 12:00 a.m. · 3 views

Mattermost security vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a denial of service vulnerability that stems from a failure to limit the file size of slack import file uploads. An attacker could exploit this vulnerability to import data to...

CVSS 6.5 · AI score 6.6 · EPSS 0.00416
Exploits 0 · References 1
OSV · added 2024/02/20 3:31 p.m. · 6 views

GHSA-29XX-FHFF-36M7 Liferay Portal vulnerable to Denial of Service

The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, whic...

CVSS 5.3 · AI score 6.3 · EPSS 0.00707
Exploits 0 · References 3
OSV · added 2024/01/26 11:06 a.m. · 10 views

OESA-2024-1100 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

CVSS 7.5 · AI score 8.6 · EPSS 0.51547
Exploits 2 · References 4
OSV · added 2023/04/15 7:03 p.m. · 20 views

MGASA-2023-0138 Updated tomcat packages fix security vulnerability

Information disclosure due to concurrency bug (CVE-2021-43980). Fix for CVE-2020-9484 introduced a time of check, time of use vulnerability (CVE-2022-23181). Correct documentation to warn of use over untrusted networks (CVE-2022-29885). Correct documentation showing use of XSS vulnerability (CVE-2022-343...

CVSS 7.5 · AI score 6.2 · EPSS 0.71653
Exploits 21 · References 13
Citrix · added 2017/03/05 12:00 a.m. · 8 views

File upload fails if the file size is Greater than 65k when ssl policy is bound to the ADC LBVIP

1. Can upload files of size only up to 64K. 2. Cannot upload files larger than 64K (upload stalls). 3. SSL Policy with Action is bound to LB Vserver...

AI score 7.1
Exploits 0
OSV · added 2015/11/09 6:59 p.m. · 8 views

CVE-2015-8003

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads...

AI score 6.4
Exploits 0 · References 4
OpenVAS · added 2011/08/09 12:00 a.m. · 41 views

CentOS Update for php CESA-2010:0040 centos5 i386

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 9.3 · AI score 5.9 · EPSS 0.12041
Exploits 4 · References 2