
1043 matches found

CVE
added 2026/03/03 12:0 a.m., 7 views

CVE-2021-35485

CVE-2021-35485 impacts Nokia IMPACT’s Applications component for versions up to 19.11.2.10-20210118042150283. An authenticated user can arbitrarily upload server-side executable files through the /ui/rest-proxy/application fileupload parameter when adding a new application or editing an existing ...

CVSS 8, AI score 5.9, EPSS 0.00063
Exploits 0, References 3, Affected Software 1

EUVD
added 2026/03/03 12:0 a.m., 2 views

EUVD-2021-22127

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the...

AI score 5.9, EPSS 0.00063
Exploits 0, References 3

Cvelist
added 2026/03/03 12:0 a.m., 21 views

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...

EPSS 0.0003
Exploits 0, References 3

CNNVD
added 2026/03/03 12:0 a.m., 2 views

Nokia IMPACT Security Vulnerability

Nokia IMPACT is a set of IoT intelligent management platforms developed by Finnish company Nokia. Versions of Nokia IMPACT such as 19.11.2.10 and earlier contain security vulnerabilities. These vulnerabilities stem from the Applications component, which allows the upload of server-side executable...

CVSS 8, AI score 5.8, EPSS 0.00063
Exploits 0, References 4

ATTACKERKB
added 2026/03/03 12:0 a.m., 2 views

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the...

CVSS 8, AI score 5.9, EPSS 0.00063
Exploits 0, References 4

Positive Technologies
added 2026/03/03 12:0 a.m., 3 views

PT-2026-22758

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...

AI score 6, EPSS 0.0003
Exploits 0, References 4

CVE
added 2026/03/03 12:0 a.m., 3 views

CVE-2021-35483

The Nokia IMPACT Applications component (versions up to 19.11.2.10-20210118042150283) allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter during adding or editing an application. If an authenticated user visits the page where...

CVSS 4.1, AI score 6, EPSS 0.0003
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/03/03 12:0 a.m., 21 views

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the...

EPSS 0.00063
Exploits 0, References 3

ATTACKERKB
added 2026/03/03 12:0 a.m., 2 views

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...

CVSS 4.1, AI score 6, EPSS 0.0003
Exploits 0, References 4

IBM Security Bulletins
added 2026/02/27 6:0 p.m., 9 views

Security Bulletin: IBM Security Verify Directory Web Admin Tool Container affected by WebSphere Application Server Liberty Denial‑of‑Service Vulnerability with HTTP/2

Summary IBM Security Verify Directory Web Admin Container has remediated the WebSphere Liberty vulnerabilities CVE-2025-48976 by incorporating the updated WebSphere Liberty runtime levels that include the necessary fixes. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of...

CVSS 7.5, AI score 6.8, EPSS 0.01278
Exploits 1, Affected Software 1

Tenable Nessus
added 2026/02/20 12:0 a.m., 6 views

Atlassian Confluence 7.19.x < 9.2.7 / 9.3.1 < 9.5.3 / 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-102193)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102193 advisory. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affec...

CVSS 7.5, AI score 5.6, EPSS 0.01278
Exploits 1, References 2

RedhatCVE
added 2026/02/08 1:21 a.m., 3 views

CVE-2026-25732

NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...

CVSS 7.5, AI score 6.3, EPSS 0.01382
Exploits 3, References 1

PyPA
added 2026/02/06 10:16 p.m., 7 views

PYSEC-2026-95

NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...

CVSS 7.5, AI score 6.5, EPSS 0.01382
Exploits 3, References 3, Affected Software 1

NVD
added 2026/02/06 10:16 p.m., 7 views

CVE-2026-25732

NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...

CVSS 7.5, EPSS 0.01382
Exploits 3, References 3

OSV
added 2026/02/06 9:9 p.m., 2 views

CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write

NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...

CVSS 7.5, AI score 6.4, EPSS 0.01382
Exploits 3, References 5

CNNVD
added 2026/02/06 12:0 a.m., 2 views

NiceGUI Path Traversal Vulnerability

NiceGUI is an easy-to-use, Python-based UI framework developed under the open source license. Versions of NiceGUI prior to 3.7.0 contained a path traversal vulnerability. This vulnerability stemmed from the FileUpload.name attribute not being cleaned up, allowing for path traversal and remote cod...

CVSS 7.5, AI score 6.1, EPSS 0.01382
Exploits 3, References 5

IBM Security Bulletins
added 2026/02/04 6:37 p.m., 11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in Apache Commons FileUpload

Summary IBM Watson Discovery Cartridge affected by vulnerability in Apache Commons FileUpload Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects...

CVSS 7.5, AI score 6.8, EPSS 0.01278
Exploits 1, Affected Software 1

OSSF Malicious Packages
added 2026/02/03 7:56 a.m., 3 views

Malicious code in fileupload-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 284fb08fce78b3881a87fa045e3cd78babfd4be9859ffd8be916952b1088fc19 The package fileupload-util was found to contain malicious code. Source: ghsa-malware 86e2a72f365ef548c52ca11a5bcfa8cbca1b7ff90e2e35aa34b8d9c2abb9c85...

AI score 5.4
Exploits 0, References 1

OSV
added 2026/02/03 7:56 a.m., 4 views

MAL-2026-690 Malicious code in fileupload-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 284fb08fce78b3881a87fa045e3cd78babfd4be9859ffd8be916952b1088fc19 The package fileupload-util was found to contain malicious code. Source: ghsa-malware 86e2a72f365ef548c52ca11a5bcfa8cbca1b7ff90e2e35aa34b8d9c2abb9c85...

AI score 5.5
Exploits 0, References 1

IBM Security Bulletins
added 2026/01/30 5:0 p.m., 10 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and...

CVSS 9.4, AI score 7.4, EPSS 0.03545
Exploits 12, Affected Software 3