Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8761 matches found

EUVD
EUVDadded 2026/05/14 12:32 p.m.6 views

EUVD-2026-30274

The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wpdbtempdir parameter, which controls where database backups are written. This makes it possible for...

7.5CVSS5.7AI score0.00343EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/05/14 12:0 a.m.8 views

PT-2026-41168

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description An issue exists where the audio transcription upload endpoint uses the file extension from a user-supplied filename to save files. The '/cache/path' route serves these files via FileResponse, whic...

8.7CVSS5.9AI score0.0018EPSS
Exploits1References7
EUVD
EUVDadded 2026/05/13 12:48 a.m.12 views

EUVD-2026-29850

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

7.6CVSS5.9AI score0.00355EPSS
Exploits0References5
Tenable Nessus
Tenable Nessusadded 2026/05/13 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-8162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/05/13 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-8159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/12 9:9 p.m.36 views

CVE-2026-45225 Heym < 0.0.21 Path Traversal File Upload via upload_file()

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

7.6CVSS0.00355EPSS
Exploits0References4
CVE
CVEadded 2026/05/12 9:9 p.m.24 views

CVE-2026-45225

CVE-2026-45225 affects Heym before 0.0.21. A path traversal flaw in the file upload endpoint (upload_file()) allows authenticated users to write attacker-controlled files to arbitrary locations by using traversal sequences in the filename. The vulnerability stems from an unvalidated filename para...

7.6CVSS5.9AI score0.00355EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/05/12 8:21 p.m.8 views

CVE-2026-42213

SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHandler into a clickable link VS Code textDocument/documentLin...

5.1CVSS5.9AI score0.00454EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/12 12:32 p.m.40 views

EUVD-2026-29428

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...

7.2CVSS5.9AI score0.00274EPSS
Exploits0References2
Snyk
Snykadded 2026/05/12 11:24 a.m.6 views

Improper Handling of Exceptional Conditions

Overview multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the filename parameter parsing in multipart form-data requests. An attacker can cause the process to crash by sending a...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References2
Snyk
Snykadded 2026/05/12 11:24 a.m.8 views

Improper Handling of Exceptional Conditions

Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the filename parameter parsing in multipart form-data requests. An attacker can cause the process to cra...

8.7CVSS5.8AI score0.00279EPSS
Exploits0References2
NVD
NVDadded 2026/05/12 10:16 a.m.8 views

CVE-2026-8162

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS0.00279EPSS
Exploits0References2
NVD
NVDadded 2026/05/12 10:16 a.m.9 views

CVE-2026-8159

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS0.00335EPSS
Exploits0References3
OSV
OSVadded 2026/05/12 10:16 a.m.4 views

DEBIAN-CVE-2026-8159

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References1
NVD
NVDadded 2026/05/12 10:16 a.m.14 views

CVE-2026-25789

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...

7.2CVSS0.00274EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/12 9:5 a.m.36 views

CVE-2026-8162 multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS0.00279EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/12 9:5 a.m.5 views

CVE-2026-8162

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/12 9:5 a.m.5 views

CVE-2026-8162 multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2
CVE
CVEadded 2026/05/12 9:5 a.m.10 views

CVE-2026-8162

The CVE-2026-8162 entry affects multiparty (versions 4.2.3 and earlier) where a multipart/form-data request with a Content-Disposition filename* contains malformed percent-encoding. The parser calls decodeURI without a try/catch, causing a URIError to propagate as an uncaught exception and crash ...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVEadded 2026/05/12 9:5 a.m.9 views

CVE-2026-8162

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS5.8AI score0.00279EPSS
Exploits0
Rows per page
Query Builder