8767 matches found

Vulnrichment
added 2026/01/27 12:34 a.m. | 7 views

CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVSS 8.6 | AI score 6 | EPSS 0.01761
Exploits: 5 | References: 3

AlpineLinux
added 2026/01/27 12:34 a.m. | 4 views

CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVSS 8.6 | AI score 5.9 | EPSS 0.01761
Exploits: 5 | References: 3

EUVD
added 2026/01/27 12:34 a.m. | 4 views

EUVD-2026-4754

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVSS 8.6 | AI score 6 | EPSS 0.01761
Exploits: 5 | References: 3

Cvelist
added 2026/01/27 12:34 a.m. | 40 views

CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVSS 8.6 | EPSS 0.01761
Exploits: 5 | References: 3

Debian CVE
added 2026/01/27 12:34 a.m. | 6 views

CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVSS 8.6 | AI score 6.9 | EPSS 0.01761
Exploits: 5

OSV
added 2026/01/27 12:34 a.m. | 5 views

CVE-2026-24486 Python-Multipart has Arbitrary File Write via Non-Default Configuration

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVSS 8.6 | AI score 6 | EPSS 0.01761
Exploits: 5 | References: 5

UbuntuCve
added 2026/01/27 12:00 a.m. | 3 views

CVE-2026-24486

Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting...

CVSS 8.6 | AI score 6.7 | EPSS 0.01761
Exploits: 5 | References: 6

CNNVD
added 2026/01/27 12:00 a.m. | 3 views

ConvertX path traversal vulnerability

ConvertX is a file format conversion tool developed by the ConvertX company. Versions of ConvertX prior to 0.17.0 contained a path traversal vulnerability. This vulnerability stemmed from the POST /delete endpoint using user-controlled filename values to construct file system paths and performing...

CVSS 8.1 | AI score 5.8 | EPSS 0.00408
Exploits: 1 | References: 3

CNNVD
added 2026/01/27 12:00 a.m. | 6 views

python-multipart path traversal vulnerability

Python-Multipart is a Python-based streaming multipart parser developed by Marcelo Trylesinski. Versions of Python-Multipart prior to 0.0.22 contained a path traversal vulnerability. This vulnerability occurred when non-default configuration options such as UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True...

CVSS 8.6 | AI score 6.8 | EPSS 0.01761
Exploits: 5 | References: 6

Broadcom
added 2026/01/27 12:00 a.m. | 15 views

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...

CVSS 9.8 | AI score 7.6 | EPSS 0.02918
Exploits: 0

Tenable Nessus
added 2026/01/27 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-24486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration...

CVSS 8.6 | AI score 6.9 | EPSS 0.01761
Exploits: 5 | References: 3

OSV
added 2026/01/26 11:28 p.m. | 4 views

GHSA-WP53-J4WJ-2CFG Python-Multipart has Arbitrary File Write via Non-Default Configuration

Summary: A Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Details: When UPLOAD_DIR is set and UPLOAD_KEEP_FILENAME is...

CVSS 8.6 | AI score 6 | EPSS 0.01761
Exploits: 5 | References: 5

Github Security Blog
added 2026/01/26 11:28 p.m. | 6 views

Python-Multipart has Arbitrary File Write via Non-Default Configuration

Summary: A Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded files to arbitrary locations on the filesystem by crafting a malicious filename. Details: When UPLOAD_DIR is set and UPLOAD_KEEP_FILENAME is...

CVSS 8.6 | AI score 6 | EPSS 0.01761
Exploits: 5 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/01/25 12:00 a.m. | 2 views

PT-2026-4841

Name of the Vulnerable Software and Affected Versions: Python-Multipart versions prior to 0.0.22. Description: Python-Multipart is a streaming multipart parser for Python. A Path Traversal issue exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker...

CVSS 9 | AI score 8.3 | EPSS 0.01761
Exploits: 6 | References: 25

RedhatCVE
added 2026/01/24 3:18 p.m. | 11 views

CVE-2026-24609

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion. This issue affects Laurent: from n/a through <= 3.1...

CVSS 7.5 | AI score 5.5 | EPSS 0.00306
Exploits: 0 | References: 1

SUSE CVE
added 2026/01/24 12:25 a.m. | 4 views

SUSE CVE-2025-71153

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_file_all_info. In get_file_all_info, if vfs_getattr fails, the function returns immediately without freeing the allocated filename, leading to a memory leak. Fix this by freeing the filename before returning...

CVSS 5.5 | AI score 5.2 | EPSS 0.00114
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/23 9:17 p.m. | 14 views

CVE-2025-69078

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Malta malta allows PHP Local File Inclusion. This issue affects Malta: from n/a through <= 1.3.3...

CVSS 8.1 | AI score 5.5 | EPSS 0.00512
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/23 9:17 p.m. | 14 views

CVE-2025-69061

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes MoveMe moveme allows PHP Local File Inclusion. This issue affects MoveMe: from n/a through <= 1.2.15...

CVSS 8.1 | AI score 5.5 | EPSS 0.00403
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/23 9:17 p.m. | 13 views

CVE-2025-69047

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech MaxShop swmaxshop allows PHP Local File Inclusion. This issue affects MaxShop: from n/a through <= 3.6.20...

CVSS 8.1 | AI score 5.5 | EPSS 0.00403
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/23 9:17 p.m. | 8 views

CVE-2025-69038

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Hyori hyori allows PHP Local File Inclusion. This issue affects Hyori: from n/a through <= 1.3.6...

CVSS 8.1 | AI score 5.5 | EPSS 0.00403
Exploits: 0 | References: 1