CVE-2023-7330

Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...

Security Bulletin: Apache commons-fileupload CVE-2025-48976 security vulnerability in FileNet Content Manager (FNCM) component Administration Console for Content Platform Engine (ACCE)

Summary Apache commons-fileupload CVE-2025-48976 security vulnerability in FileNet Content Manager FNCM component Administration Console for Content Platform Engine ACCE Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits...

CVE-2023-7330 Ruijie Networks NBR Routers Unauthenticated Arbitrary File Upload via fileupload.php

Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...

CVE-2023-7330

CVE-2023-7330 affects Ruijie NBR series routers. An unauthenticated arbitrary file upload vulnerability exists via /ddi/server/fileupload.php where attacker-controlled values in the name and uploadDir parameters are accepted and the multipart file content is saved without proper validation or san...

CVE-2023-7330 Ruijie Networks NBR Routers Unauthenticated Arbitrary File Upload via fileupload.php

Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...

VulnCheck KEV: CVE-2023-7330

Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of...

Atlassian Jira Service Management Data Center and Server 5.10.0 < 5.12.26 / 10.0.x < 10.3.10 / 10.4.x < 10.7.3 / 11.0.x < 11.2.0 (JSDSERVER-16435)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16435 advisory. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability i...

TencentOS Server 4: tomcat (TSSA-2025:0623)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0623 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Mageia: Security Advisory (MGASA-2025-0296)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2025-0296 Updated apache-commons-fileupload packages fix security vulnerability

Apache Commons FileUpload: FileUpload DoS via part headers. CVE-2025-48976...

Updated apache-commons-fileupload packages fix security vulnerability

Apache Commons FileUpload: FileUpload DoS via part headers. CVE-2025-48976...

DoS (Denial of Service) Third-Party Dependency in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 5.10.0, 5.11.0, 5.12.0, 5.13.0, 5.14.0, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.0, 11.0.0 and and 11.1.0 of Jira Service Management Data Center and Server. This...

Security Bulletin: Multiple Vulnerabilities in IBM webMethods BPM.

Summary Multiple vulnerabilities were addressed in IBM webMethods BPM. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...

Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload ( CVE-2025-48976)

Summary WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload CVE-2025-48976 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. These are addressed. Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable ...

Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

CVE-2025-27224

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

CVE-2025-27224

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

CVE-2025-27224

TRUfusion Enterprise (versions up to 7.10.4.0) is affected by insecure handling of the /trufusionPortal/fileupload endpoint, where input is not properly sanitized, enabling path traversal sequences to write arbitrary files anywhere on the local server and potentially execute code. Root cause: ins...