Lucene search
K

15 matches found

NVD
NVD
added 2026/04/01 5:28 p.m.5 views

CVE-2026-34603

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the...

8.3CVSS0.00408EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 4:8 p.m.4 views

EUVD-2026-17964

Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the...

7.1CVSS5.8AI score0.00408EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.16 views

PT-2026-29498

Name of the Vulnerable Software and Affected Versions Tina versions prior to 2.2.2 Description A path-traversal issue exists in Tina, a headless content management system, due to insufficient validation of file paths in the dev media routes. The implementation validates only the path string and...

8.3CVSS5.4AI score0.00408EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.7 views

CVE-2026-33332

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

7.5CVSS5.7AI score0.00599EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 8:16 p.m.6 views

CVE-2026-33332

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

7.5CVSS0.00599EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/24 7:20 p.m.23 views

CVE-2026-33332 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

6.9CVSS0.00599EPSS
Exploits0References3
OSV
OSV
added 2026/03/24 7:20 p.m.6 views

CVE-2026-33332 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

6.9CVSS5.8AI score0.00599EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/24 7:20 p.m.3 views

CVE-2026-33332 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

6.9CVSS5.7AI score0.00599EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 7:20 p.m.9 views

CVE-2026-33332

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

6.9CVSS5.7AI score0.00599EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/03/24 7:20 p.m.8 views

EUVD-2026-14179

NiceGUI is a Python-based UI framework. Prior to version 3.9.0, NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without...

8.2CVSS5.7AI score0.00599EPSS
Exploits1References10
CVE
CVE
added 2026/03/24 7:20 p.m.16 views

CVE-2026-33332

CVE-2026-33332 affects NiceGUI prior to v3.9.0. The media routes app.add_media_file() and app.add_media_files() accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without validation, allowing a...

7.5CVSS5.7AI score0.00599EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/19 6:48 p.m.5 views

GHSA-W5G8-5849-VJ76 NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion

Summary NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without validation, allowing an attacker to bypass chunked streaming and...

6.9CVSS5.8AI score0.00599EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/19 6:48 p.m.3 views

Improper Validation of Specified Quantity in Input

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the chunksize parameter in app.addmediafile and app.addmediafiles media routes. An attacker can cause excessi...

7.5CVSS5.8AI score0.00599EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/19 6:48 p.m.6 views

NiceGUI's unvalidated chunk size parameter in media routes can cause memory exhaustion

Summary NiceGUI's app.addmediafile and app.addmediafiles media routes accept a user-controlled query parameter that influences how files are read during streaming. The parameter is passed to the range-response implementation without validation, allowing an attacker to bypass chunked streaming and...

7.5CVSS5.8AI score0.00599EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.4 views

PT-2026-26484

Name of the Vulnerable Software and Affected Versions NiceGUI versions prior to 3.9.0 Description NiceGUI’s app.add media file and app.add media files functions are susceptible to a flaw where a user-controlled query parameter, passed to the range-response implementation without validation, can...

6.9CVSS5.8AI score0.00599EPSS
Exploits0References7
Rows per page
Query Builder