Lucene search
K

201 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in multer-orm (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fb45c09aa7a237b2b9ff18ccf6426b76a4f46e5ea665c7747f35a345940e161 multer-orm is a typosquat of the widely used multer middleware. Its README is copied from multer, but the package adds a load-time dropper in...

6.7AI score
Exploits0References6
OSV
OSV
added 5 days ago9 views

ROOT-APP-NPM-CVE-2026-3520 CVE-2026-3520 in @rootio/multer - Patched by Root

Root has patched CVE-2026-3520 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

8.7CVSS5.8AI score0.00713EPSS
Exploits0
OSV
OSV
added 5 days ago7 views

ROOT-APP-NPM-CVE-2025-47944 CVE-2025-47944 in @rootio/multer - Patched by Root

Root has patched CVE-2025-47944 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

7.5CVSS7.9AI score0.00697EPSS
Exploits0
OSV
OSV
added 5 days ago7 views

ROOT-APP-NPM-CVE-2025-7338 CVE-2025-7338 in @rootio/multer - Patched by Root

Root has patched CVE-2025-7338 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.00649EPSS
Exploits0
OSV
OSV
added 5 days ago8 views

ROOT-APP-NPM-CVE-2025-48997 CVE-2025-48997 in @rootio/multer - Patched by Root

Root has patched CVE-2025-48997 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

8.7CVSS5.4AI score0.00368EPSS
Exploits0
OSV
OSV
added 5 days ago6 views

ROOT-APP-NPM-CVE-2026-5079 CVE-2026-5079 in @rootio/multer - Patched by Root

Root has patched CVE-2026-5079 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00278EPSS
Exploits0
OSV
OSV
added 5 days ago7 views

ROOT-APP-NPM-CVE-2026-2359 CVE-2026-2359 in @rootio/multer - Patched by Root

Root has patched CVE-2026-2359 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

8.7CVSS5.8AI score0.00663EPSS
Exploits0
OSV
OSV
added 5 days ago7 views

ROOT-APP-NPM-CVE-2025-47935 CVE-2025-47935 in @rootio/multer - Patched by Root

Root has patched CVE-2025-47935 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

7.5CVSS5.4AI score0.00683EPSS
Exploits0
OSV
OSV
added 5 days ago9 views

ROOT-APP-NPM-CVE-2026-3304 CVE-2026-3304 in @rootio/multer - Patched by Root

Root has patched CVE-2026-3304 in the @rootio/multer package for Root:npm. Multiple fixed versions available...

8.7CVSS5.8AI score0.00663EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:23 a.m.7 views

Malicious code in multer-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50b4df9cf15644bbea3ed944cbf168fdbad1619d0c3e10fff653b0d48c10bbb3 Package name 'multer-express' is similar to the widely used 'multer' middleware for Express. No malicious code patterns, install-time hooks, or...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/24 10:23 a.m.7 views

MAL-2026-6387 Malicious code in multer-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 50b4df9cf15644bbea3ed944cbf168fdbad1619d0c3e10fff653b0d48c10bbb3 Package name 'multer-express' is similar to the widely used 'multer' middleware for Express. No malicious code patterns, install-time hooks, or...

6.1AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:16 p.m.3 views

Security Bulletin: Vulnerability in node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

8.7CVSS5.8AI score0.00663EPSS
Exploits1Affected Software2
EUVD
EUVD
added 2026/06/17 6:12 p.m.52 views

EUVD-2026-36726

Multer vulnerable to Denial of Service via deeply nested field names...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:11 p.m.15 views

EUVD-2026-36728

Multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 4:16 p.m.12 views

CVE-2026-5038

Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe call does not propagate the stream destroy signal to the...

7.5CVSS0.00278EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 2:23 p.m.8 views

CVE-2026-5038 multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads

Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe call does not propagate the stream destroy signal to the...

5.3CVSS5.4AI score0.00278EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 2:23 p.m.77 views

CVE-2026-5038

MULTER CVE-2026-5038 affects multer’s diskStorage: versions 2.0.0-alpha.1–2.1.1 and 3.0.0-alpha.1 are vulnerable. The root cause is that Readable.pipe() does not propagate the stream destroy signal to the underlying fs.WriteStream, allowing aborted or malformed multipart uploads to leave orphaned...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/15 2:16 p.m.13 views

CVE-2026-5079

Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...

7.5CVSS0.00278EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/15 1:56 p.m.13 views

CVE-2026-5079 multer vulnerable to Denial of Service via deeply nested field names

Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 1:56 p.m.43 views

CVE-2026-5079 multer vulnerable to Denial of Service via deeply nested field names

Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...

7.5CVSS0.00278EPSS
Exploits0References2
Rows per page
Query Builder