Lucene search
K

4192 matches found

Nuclei
Nuclei
added 15 hours ago13 views

Apache CXF < 4.0.4 - Aegis DataBinding SSRF / Local File Read

Apache CXF before 4.0.4, 3.6.3 and 3.5.8 has a Server-Side Request Forgery SSRF vulnerability when using the Aegis DataBinding. The XOP Include mechanism in multipart SOAP requests can be abused to read local files or make server-side HTTP requests to arbitrary URLs. An attacker can use this to...

9.3CVSS6.9AI score0.05849EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-53538

A flaw was found in Python-Multipart, a tool used for processing web form data. A remote attacker could exploit a vulnerability where the software incorrectly interprets certain characters as separators in web form data. This difference in interpretation compared to standard web practices allows ...

4.8CVSS6.1AI score0.00176EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 3 days ago8 views

CVE-2026-52747

A flaw was found in ModSecurity, an open-source web application firewall WAF. The multipart/form-data request body parser in libmodsecurity incorrectly handles embedded line breaks in non-file form-field values. This discrepancy between ModSecurity and backend applications, which preserve line...

8.6CVSS6.1AI score0.0046EPSS
Exploits1References6
NVD
NVD
added 4 days ago8 views

CVE-2026-52747

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS0.0046EPSS
Exploits1References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS0.0046EPSS
Exploits1References3
OSV
OSV
added 4 days ago2 views

CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS6AI score0.0046EPSS
Exploits1References5
CVE
CVE
added 4 days ago17 views

CVE-2026-52747

Summary of CVE-2026-52747 ModSecurity (the open‑source WAF engine for Apache/IIS/Nginx) prior to version 3.0.16 contains a parsing bug in the multipart/form-data body processor. Specifically, the libmodsecurity multipart parser silently removes embedded line breaks from non-file form-field values...

8.6CVSS6AI score0.0046EPSS
Exploits1References3Affected Software1
NVD
NVD
added 4 days ago6 views

CVE-2026-56814

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS0.00579EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-56814 Plug: multipart :length limit is not charged for part headers, enabling unbounded temp-file creation (denial of service)

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS0.00579EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-56814

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References10Affected Software1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42873

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References9
CVE
CVE
added 4 days ago8 views

CVE-2026-56814

Summary: CVE-2026-56814 affects Plug:Multipart in Elixir’s Plug.Parsers.MULTIPART, where the :length budget is applied only to part body bytes. Part headers are not counted, so requests with many empty-body file parts can slip under the length limit and create a temporary file per part, triggerin...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 4 days ago3 views

form-data: form-data: Form field override via CRLF injection

A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return CR, line feed LF, or double-quote " characters into the field argument of FormDataappend or the filename option. This allows th...

8.7CVSS6.1AI score0.00409EPSS
Exploits0References11
EUVD
EUVD
added 4 days ago18 views

EUVD-2026-34012

Tesla vulnerable to multipart part smuggling via unescaped content-disposition values...

2.1CVSS5.9AI score0.00143EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago13 views

EUVD-2026-34016

Tesla has CRLF injection in request Content-Type header via addcontenttypeparam...

2.1CVSS5.9AI score0.0017EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 4 days ago7 views

Langflow < 1.0.19 DoS (CVE-2026-55446)

The version of Langflow installed on the remote host is prior to 1.0.19. It is, therefore, affected by a denial of service vulnerability: - An attacker can send a /api/v1/files/upload/ request without any authentication and abuse a very long multipart form boundary to make the Langflow applicatio...

7.5CVSS6.2AI score0.00321EPSS
Exploits1References2
NVD
NVD
added 5 days ago6 views

CVE-2026-46413

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

6.5CVSS0.00366EPSS
Exploits0References9
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-46413 Discourse: Regular users can route multipart uploads into the admin backup store

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

6.5CVSS0.00366EPSS
Exploits0References9
CVE
CVE
added 5 days ago8 views

CVE-2026-46413

Discourse (open-source discussion platform) contains a vulnerability tracked as CVE-2026-46413 where, prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This could allow una...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References9Affected Software1
NVD
NVD
added 6 days ago7 views

CVE-2026-56669

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to 1.4.29, Elysia uses getAll in form data normalization for multipart/form-data endpoints, causing the amount of work to grow quadratically with the number of...

7.5CVSS0.00358EPSS
Exploits0References4
Rows per page
Query Builder