Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Content-Disposition filename parameter parsing. An attacker can cause excessive resource consumption...

multiparty vulnerable to ReDoS via filename parsing

Impact [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A multipart upload with a long header value containing !filename="1 repeated can cause regex matching to take seconds, blocking...

EUVD-2026-29441

multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing...

NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

NPM: multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...

GHSA-XH3C-6GCQ-G4RV multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...

multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...

CVE-2026-41948

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...

Directory Traversal

Overview sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Directory Traversal via the upload filename parameter in specific endpoints. An unauthenticated attacker can overwrite or create...

CVE-2026-8802 opensourcepos Open Source Point of Sale Items.php getPicThumb path traversal

A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: perl-File-Find-Rule (UTSA-2026-021485)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021485 advisory. File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument...

Flawfinder-ANSI-Exploit-POC

Flawfinder-ANSI-Exploit-POC In version 2.0.19 of Flawfinder, n...

Pallets Click contains a command injection via Unsanitized Filename "click.edit()"

...

AstrBot 路径遍历漏洞

AstrBot is an open-source multi-platform LLM chatbot and development framework developed by AstrBot. Versions of AstrBot 4.23.5 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the improper handling of the postfile function in the File Upload Handler component...

SUSE CVE-2026-46483

Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tarVimuntar in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescapetartail without the...

AVideo's Meet plugin: `uploadRecordedVideo.json.php` derives `users_id` from the uploaded filename and calls passwordless `User->login()`, allowing any caller with the Meet shared secret to obtain a session as arbitrary users including admin

Summary Type: Authorization-bypass via user-controlled identifier. The Meet plugin's recorded-video upload endpoint plugin/Meet/uploadRecordedVideo.json.php authenticates the caller using a single shared Authorization: Bearer against $objM-secret. Once that check passes, the endpoint reads the...

Path Traversal

github.com/charmbracelet/wish is vulnerable to Path Traversal. The vulnerability is due to improper validation of SCP filenames containing traversal sequences, which allows an attacker to read, write, or create files and directories outside the configured root directory...

CVE-2026-45225

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

CVE-2026-44666

HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shellexec, where the shell interprets these characters and commands...

CVE-2026-40893

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

EUVD-2026-30307

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...