
28 matches found

Tenable Nessus
added 2026/05/15 12:00 a.m. | 4 views

Spring Framework 5.3.x < 5.3.48 / 6.1.x < 6.1.27 / 6.2.x < 6.2.18 / 7.0.x < 7.0.7 Multiple DoS

The version of Spring Framework installed on the remote host is 5.3.x prior to 5.3.48, 6.1.x prior to 6.1.27, 6.2.x prior to 6.2.18, or 7.0.x prior to 7.0.7. It is, therefore, affected by multiple vulnerabilities: - A WebFlux server application that processes multipart requests creates temp files...

CVSS 6.5 | AI score 5.8 | EPSS 0.00083
Exploits 0 | References 7
AstraLinux
added 2026/05/03 11:59 p.m. | 1 view

Astra Linux - vulnerability in libsoup2.4

A flaw was discovered in the soup_multipart_new_from_message function of the libsoup HTTP library, which is commonly used by GNOME and other applications for handling web communications. The issue arises when the library processes specially crafted multipart messages. Due to improper validation, an...

CVSS 7.5 | AI score 7.1 | EPSS 0.00986
Exploits 0 | References 2
Snyk
added 2026/04/17 12:00 a.m. | 2 views

Incomplete Cleanup

Overview: org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Incomplete Cleanup via multipart request...

CVSS 7.1 | AI score 5.5 | EPSS 0.00061
Exploits 0 | References 2
AlpineLinux
added 2026/04/01 8:14 p.m. | 2 views

CVE-2026-34517

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version 3.13.4...

CVSS 6.9 | AI score 5.3 | EPSS 0.00019
Exploits 0
Veracode
added 2026/01/05 5:48 a.m. | 5 views

Path Traversal

AdonisJS is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths during multipart file handling, which allows a remote attacker to write arbitrary files to arbitrary locations on the server filesystem...

CVSS 9.2 | AI score 7.1 | EPSS 0.00097
Exploits 3 | References 6 | Affected Software 1
NVD
added 2026/01/02 7:15 p.m. | 3 views

CVE-2026-21440

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease...

CVSS 9.2 | EPSS 0.00097
Exploits 3 | References 5
OSV
added 2026/01/02 7:02 p.m. | 2 views

CVE-2026-21440 AdonisJS Path Traversal in Multipart File Handling

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease...

CVSS 9.2 | AI score 7 | EPSS 0.00097
Exploits 3 | References 7
CVE
added 2026/01/02 7:02 p.m. | 16 views

CVE-2026-21440

CVE-2026-21440 is a path traversal vulnerability in AdonisJS bodyparser (MultipartFile.move) that allows writing files outside the intended directory when the client-supplied filename is not sanitized. Root cause: move(location, options?) defaults to using clientName and path.join(location, fileN...

CVSS 9.2 | AI score 6.7 | EPSS 0.00097
Exploits 3 | References 5
CNNVD
added 2026/01/02 12:00 a.m. | 4 views

bodyparser path traversal vulnerability

bodyparser is an open source BodyParser middleware on AdonisJS from AdonisJS Framework. A path traversal vulnerability exists in bodyparser versions 10.1.1 and earlier and 11.0.0-next.6 and earlier, which stems from the existence of a path traversal in multipart file handling that could result in...

CVSS 9.2 | AI score 6.8 | EPSS 0.00097
Exploits 3 | References 6
GithubExploit
added 2025/12/05 3:39 a.m. | 161 views

Exploit for CVE-2025-55182

CVE-2025-55182 – React Server Components RCE Exploit Fixed Mult...

CVSS 10 | AI score 7.2 | EPSS 0.84541
Exploits 360
NVD
added 2025/12/01 4:15 p.m. | 2 views

CVE-2025-64775

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue...

CVSS 7.5 | EPSS 0.00171
Exploits 0 | References 2
Veracode
added 2025/11/17 5:58 a.m. | 2 views

Prototype Pollution

@hapi/pez is vulnerable to Prototype Pollution. The vulnerability is due to improper handling of multipart payloads, allowing an attacker to craft a part whose content becomes the payload object's prototype, which enables bypassing validation rules or causing exceptions when accessing the request...

AI score 7
Exploits 0
Tenable Nessus
added 2025/09/10 12:00 a.m. | 2 views

EulerOS 2.0 SP10 : libsoup (EulerOS-SA-2025-2103)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages...

CVSS 7.5 | AI score 6.2 | EPSS 0.00986
Exploits 1 | References 4
Tenable Nessus
added 2025/08/14 12:00 a.m. | 4 views

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2025-1934)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in libsoup. The libsoup append_param_quoted function may contain an overflow bug resulting in a buffer under-read. CVE-2025-32050 A...

CVSS 7.5 | AI score 6.7 | EPSS 0.00986
Exploits 1 | References 8
Snyk
added 2025/07/17 9:01 p.m. | 3 views

Uncaught Exception

Overview: Affected versions of this package are vulnerable to Uncaught Exception due to improper handling of multipart requests. An attacker can cause the application to crash by sending a specially crafted malformed multi-part upload request that triggers an unhandled exception. Remediation: A fix...

CVSS 8.7 | AI score 7 | EPSS 0.0004
Exploits 0 | References 2
RedHat Linux
added 2025/06/25 12:16 a.m. | 2 views

undertow: OutOfMemoryError due to @MultipartConfig handling

A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass...

CVSS 7.5 | AI score 7.1 | EPSS 0.00649
Exploits 0 | References 4
Positive Technologies
added 2025/05/19 12:00 a.m. | 1 view

PT-2025-22069 · Multer · Multer

Name of the Vulnerable Software and Affected Versions: Multer versions 1.4.4-lts.1 through 1.4.4-lts.x and versions prior to 2.0.0 Description: A Denial of Service (DoS) issue is present, allowing an attacker to trigger a crash of the process by sending a malformed multi-part upload request, causin...

CVSS 7.5 | AI score 7.2 | EPSS 0.00041
Exploits 0 | References 13
Positive Technologies
added 2024/12/02 12:00 a.m. | 1 view

PT-2024-30189 · Python · Python

Name of the Vulnerable Software and Affected Versions: Python affected versions not specified Description: The issue is related to a Denial of Service (DoS) in Python's multipart handling. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

AI score 6.8
Exploits 0 | References 1
NVD
added 2024/06/13 8:15 p.m. | 13 views

CVE-2024-5950

Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...

CVSS 8.8 | EPSS 0.03039
Exploits 0 | References 1
RedHat Linux
added 2023/11/07 9:01 a.m. | 3 views

golang: net/http, mime/multipart: denial of service from excessive resource consumption

A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service...

CVSS 7.5 | AI score 6.7 | EPSS 0.00065
Exploits 0 | References 8