CVE-2026-55744 Cotonti CSRF in PFS allows forced arbitrary file upload

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cotcheckxg to validate the anti-CSRF token, even though...

EUVD-2026-37855

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cotcheckxg to validate the anti-CSRF token, even though...

CVE-2026-41853

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41853 Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41853

CVE-2026-41853 concerns Multipart request smuggling in Spring Framework’s Spring MVC and WebFlux components. Affected are Spring Framework versions: 7.0.0–7.0.7; 6.2.0–6.2.18; 6.1.0–6.1.27; 5.3.0–5.3.48. The CVE entry identifies the issue as a vulnerability in multipart handling, with an accompan...

CVE-2026-41853 Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

Spring Framework 环境问题漏洞

The Spring Framework is an application development framework developed by Spring in open source. Versions of the Spring Framework such as 7.0.0 and earlier, 6.2.0 and earlier, 6.1.0 and earlier, and 5.3.0 and earlier have environmental vulnerabilities. These vulnerabilities stem from the fact tha...

Exploit for CVE-2026-5118

Divi Form Builder ⚠️ WARNING: This tool is for authorized p...

[SECURITY] [DLA 4488-1] modsecurity-crs security update

Debian LTS Advisory DLA-4488-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost February 22, 2026 https://wiki.debian.org/LTS Package : modsecurity-crs Version : 3.3.4-1deb11u2 CVE ID : CVE-2023-38199 CVE-2026-21876 Debian Bug : 1041109 1125084 Multiple issues have be...

Denial Of Service (DoS)

Apache Struts is vulnerable to Denial Of Service DoS. The vulnerability is due to a file leak in multipart request processing, where temporary files are not properly cleaned up, allowing attackers to trigger uncontrolled disk usage and exhaust server storage...

EUVD-2018-0736

Malware in sbrugna...

EUVD-2017-1402

Malware in sbrugna...

EUVD-2025-7093

Malicious code in bioql PyPI...

EUVD-2023-3135

Malicious code in bioql PyPI...

SUSE-SU-2025:02280-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2025-46701: Fixed refactor CGI servlet to access resources via WebResources bsc1243815. - CVE-2025-48988: Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656. ...

SUSE-SU-2025:02261-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - Fixed refactor CGI servlet to access resources via WebResources bsc1243815. - Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656. - Fixed expand checks for...

Apache Tomcat 9.0.0-M1 < 9.0.106 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.106, 10.1.0-M1 prior to 10.1.42 or 11.0.0-M1 prior to 11.0.8. It is, therefore, affected by multiple vulnerabilities : - A race condition on connection close could trigger a JVM crash when using the APR/Native...

Denial Of Service (DoS)

ZenML is vulnerable to a Denial of Service DoS. The vulnerability is due to a flaw in multipart request boundary processing, allowing an attacker to trigger an infinite loop and cause excessive resource consumption...

CVE-2024-10821

A Denial of Service DoS vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server version v5.0.1 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries...

InvokeAI has Denial of Service (DoS) vulnerability in `/api/v1/images/upload`

A Denial of Service DoS vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server version v5.0.1 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries...