Security Bulletin: MongoDB Enterprised Advanced affected by: Uncontrolled Resource Consumption (CVE-2026-22740)
Summary: There are vulnerabilities in spring-web-6.2.17.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22740. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-22740 DESCRIPTION: A WebFlux server application that processes multipart requests create...
CVE-2026-41853
Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...
CVE-2026-41840
Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48...
Spring Framework Resource Management Error Vulnerability
The Spring Framework is an application development framework developed by Spring in open source. Vulnerabilities related to resource management exist in versions 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 of the Spring Framework. These vulnerabilities may lead to...
Missing Release of Memory after Effective Lifetime
Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Missing Release of Memory after Effective...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
LAB 1 — Apache Struts2 OGNL Injection CVE-2017-5638 / S2-045...
GHSA-468C-VQ7P-GH64 Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service
Summary: An Allocation of Resources Without Limits or Throttling vulnerability in Plug.Conn.read_part_headers/2 allows an unauthenticated attacker to exhaust server memory by sending a crafted multipart/form-data request, causing a denial of service. Details: Plug.Conn.read_part_headers/2 in...
CVE-2026-22740
A flaw was found in Spring WebFlux, a component of the Spring Framework. A remote attacker can exploit this vulnerability by sending specially crafted multipart requests to a WebFlux server application. When processing these requests, the server creates temporary files that, under certain...
Linux Distros Unpatched Vulnerability : CVE-2026-22740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain no...
CVE-2026-22740
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...
DEBIAN-CVE-2026-22740
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...
UBUNTU-CVE-2026-22740
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...
CVE-2026-22740 Spring Framework DoS with Multipart Temp Files in WebFlux
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...
CVE-2026-40347 Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...
GHSA-MJ87-HWQH-73PJ python-multipart affected by Denial of Service via large multipart preamble or epilogue data
Summary: A denial of service vulnerability exists when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Details: Two inefficient multipart parsing paths could be abused with attacker-controlled input. Before the first multipart boundary, the parser handled...
CodoForum-v5.1---Remote-Code-Execution-RCE-
CodoForum v5.1 - Authenticated RCE Fixed Exploit CVE: 20...
Debian dsa-6105 : modsecurity-crs - security update
The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6105 advisory. Debian Security Advisory DSA-6105-1 [email protected] https://www.debian.org/security/...
OESA-2026-1108 mod_security_crs security update
The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...
OESA-2026-1106 mod_security_crs security update
The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...