CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

152 matches found

GithubExploit•added 2026/05/26 4:9 p.m.•65 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

LAB 1 — Apache Struts2 OGNL Injection CVE-2017-5638 / S2-045...

10CVSS7.6AI score0.94267EPSS

Exploits44

OSV•added 2026/05/20 3:35 p.m.•3 views

GHSA-468C-VQ7P-GH64 Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service

Summary An Allocation of Resources Without Limits or Throttling vulnerability in Plug.Conn.readpartheaders/2 allows an unauthenticated attacker to exhaust server memory by sending a crafted multipart/form-data request, causing a denial of service. Details Plug.Conn.readpartheaders/2 in...

8.2CVSS5.9AI score0.00269EPSS

Exploits0References11

RedhatCVE•added 2026/05/05 1:29 p.m.•3 views

CVE-2026-22740

A flaw was found in Spring WebFlux, a component of the Spring Framework. A remote attacker can exploit this vulnerability by sending specially crafted multipart requests to a WebFlux server application. When processing these requests, the server creates temporary files that, under certain...

6.5CVSS5.8AI score0.00061EPSS

Exploits0References5

Tenable Nessus•added 2026/05/05 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-22740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain no...

6.5CVSS5.8AI score0.00061EPSS

Exploits0References3

NVD•added 2026/04/29 12:16 p.m.•0 views

CVE-2026-22740

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

6.5CVSS0.00061EPSS

Exploits0References2

OSV•added 2026/04/29 12:16 p.m.•1 views

DEBIAN-CVE-2026-22740

6.5CVSS5.8AI score0.00061EPSS

Exploits0References1

UbuntuCve•added 2026/04/29 12:16 p.m.•1 views

CVE-2026-22740

6.5CVSS5.8AI score0.00061EPSS

Exploits0References2

OSV•added 2026/04/29 12:16 p.m.•1 views

UBUNTU-CVE-2026-22740

6.5CVSS5.8AI score0.00061EPSS

Exploits0References3

Cvelist•added 2026/04/29 10:46 a.m.•31 views

CVE-2026-22740 Spring Framework DoS with Multipart Temp Files in WebFlux

6.5CVSS0.00061EPSS

Exploits0References2

Cvelist•added 2026/04/17 11:56 p.m.•29 views

CVE-2026-40347 Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data

Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...

5.3CVSS0.00022EPSS

Exploits0References2

OSV•added 2026/04/15 7:45 p.m.•2 views

GHSA-MJ87-HWQH-73PJ python-multipart affected by Denial of Service via large multipart preamble or epilogue data

Summary A denial of service vulnerability exists when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Details Two inefficient multipart parsing paths could be abused with attacker-controlled input. Before the first multipart boundary, the parser handled...

5.3CVSS5.8AI score0.00022EPSS

Exploits0References4

GithubExploit•added 2026/03/20 9:46 a.m.•123 views

CodoForum-v5.1---Remote-Code-Execution-RCE-

CodoForum v5.1 - Authenticated RCE Fixed Exploit CVE: 20...

5.9AI score

Exploits0

Tenable Nessus•added 2026/01/21 12:0 a.m.•3 views

Debian dsa-6105 : modsecurity-crs - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6105 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6105-1 [email protected] https://www.debian.org/security/...

9.3CVSS5.9AI score0.03984EPSS

Exploits4References5

OSV•added 2026/01/16 11:59 a.m.•3 views

OESA-2026-1108 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...

9.3CVSS6.8AI score0.03984EPSS

Exploits4References2

OSV•added 2026/01/16 11:59 a.m.•2 views

OESA-2026-1106 mod_security_crs security update

9.3CVSS6.8AI score0.03984EPSS

Exploits4References2

OSV•added 2026/01/16 11:59 a.m.•1 views

OESA-2026-1104 mod_security_crs security update

9.3CVSS6.8AI score0.03984EPSS

Exploits4References2

RedhatCVE•added 2026/01/09 9:1 a.m.•2 views

CVE-2023-25578

Starlite is an Asynchronous Server Gateway Interface ASGI framework. Prior to version 1.5.2, the request body parsing in starlite allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and ...

7.5CVSS6.8AI score0.01275EPSS

Exploits1References1

NVD•added 2026/01/08 2:15 p.m.•5 views

CVE-2026-21876

The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a...

9.3CVSS0.03984EPSS

Exploits4References6

OSV•added 2026/01/08 2:15 p.m.•0 views

UBUNTU-CVE-2026-21876

9.3CVSS5.8AI score0.03984EPSS

Exploits4References7