27 matches found
Multer vulnerable to Denial of Service via incomplete cleanup
Impact: A vulnerability in Multer versions prior to 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Patches: Users should upgrade to 2.1.0. Workarounds: None...
CVE-2026-3304
Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch...
Authentication Bypass by Alternate Name
Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name while serving static files from...
Arbitrary Command Injection
Overview borgmatic is simple, configuration-driven backup software for servers and workstations. Affected versions of this package are vulnerable to Arbitrary Command Injection via the command hook interpolation logic in borgmatic. An attacker can execute arbitrary shell commands by supplying...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the Manager web UI endpoints /api/v1/jobs and /preheats. An attacker can gain unauthorized access to create, delete, or modify jobs, and initiate preheat jobs by sending unauthenticated requests to these...
PT-2025-38260
Name of the Vulnerable Software and Affected Versions: Dragonfly versions prior to 2.1.0 Description: Dragonfly2 uses the os.MkdirAll function to create directory paths with specific access permissions. This function does not check or correct the permissions of a directory that already exists (it returns success without touching it), allowing a...
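The os.MkdirAll behaviour behind this entry, shown as an added example (this is not Dragonfly's code or its fix): a directory that already exists with a wide mode keeps that mode no matter what mode MkdirAll is called with, so any caller that trusts MkdirAll's nil return to mean "the directory has the permissions I asked for" is wrong. The hardened helper ensureDirMode is this example's own construction; it inspects what is actually on disk with Lstat, refuses symlinks and non-directories, and resets the mode when it differs from the requested one.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// modeAfterMkdirAll reproduces the behaviour the advisory describes.
// The directory is first created with mode `preexisting` (as if left behind
// by another user or an earlier run), then os.MkdirAll is called with the
// mode the program actually wants. The mode bits observed afterwards are
// returned: MkdirAll leaves them untouched because the path already exists.
func modeAfterMkdirAll(dir string, preexisting, wanted os.FileMode) (os.FileMode, error) {
	if err := os.Mkdir(dir, preexisting); err != nil {
		return 0, err
	}
	// Chmod after Mkdir so the process umask does not mask the bits we set.
	if err := os.Chmod(dir, preexisting); err != nil {
		return 0, err
	}
	if err := os.MkdirAll(dir, wanted); err != nil {
		return 0, err
	}
	fi, err := os.Stat(dir)
	if err != nil {
		return 0, err
	}
	return fi.Mode().Perm(), nil
}

// ensureDirMode is a hypothetical hardened helper (not Dragonfly's fix):
// create the path if missing, then inspect what is really there, refuse a
// planted symlink or a non-directory, and reset the mode when it differs
// from the one requested. Chmod fails with EPERM when the directory belongs
// to another user, which is also the right outcome.
func ensureDirMode(dir string, wanted os.FileMode) (os.FileMode, error) {
	if err := os.MkdirAll(dir, wanted); err != nil {
		return 0, err
	}
	fi, err := os.Lstat(dir) // Lstat: do not follow a symlink at this path
	if err != nil {
		return 0, err
	}
	if fi.Mode()&os.ModeSymlink != 0 {
		return 0, fmt.Errorf("%s: refusing to use a symlink", dir)
	}
	if !fi.IsDir() {
		return 0, fmt.Errorf("%s: not a directory", dir)
	}
	if fi.Mode().Perm() != wanted {
		if err := os.Chmod(dir, wanted); err != nil {
			return 0, err
		}
	}
	fi, err = os.Stat(dir)
	if err != nil {
		return 0, err
	}
	return fi.Mode().Perm(), nil
}

func main() {
	base, err := os.MkdirTemp("", "mkdirall-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)

	dir := filepath.Join(base, "cache")
	got, err := modeAfterMkdirAll(dir, 0777, 0700)
	if err != nil {
		panic(err)
	}
	fmt.Printf("after MkdirAll(0700) on an existing 0777 dir: %o\n", got)

	got, err = ensureDirMode(dir, 0700)
	if err != nil {
		panic(err)
	}
	fmt.Printf("after ensureDirMode(0700): %o\n", got)
}
```

The first printed mode is 777, the second 700. The same pattern applies to os.Mkdir's single-level cousin: any "create if missing" call has to be followed by a check of the object that is actually at the path, because the attacker may have created it first.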
PT-2025-38259
Name of the Vulnerable Software and Affected Versions: Dragonfly versions prior to 2.1.0 Description: The processPieceFromSource method in Dragonfly does not correctly update the usedTraffic field within the Task structure, because it adds the variable n, which is declared but never assigned (so it is always zero), instead of result.Size when...
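The accounting failure described in this entry, as an added example that is not Dragonfly's code: when the counter is incremented by a variable that is never assigned, every piece adds zero and a per-task traffic limit can never trigger. The Task, pieceResult and limit fields below are this example's own simplification; only the bug pattern (n instead of result.Size) follows the advisory.

```go
package main

import (
	"errors"
	"fmt"
)

// Task is a simplified stand-in for the per-task accounting the advisory
// refers to: UsedTraffic should grow by the size of every piece fetched
// from the source and is compared against TrafficLimit. Field names are
// this example's own, not Dragonfly's.
type Task struct {
	UsedTraffic  int64
	TrafficLimit int64
}

// pieceResult stands in for the result of fetching one piece.
type pieceResult struct {
	Size int64
}

var errTrafficExceeded = errors.New("task traffic limit exceeded")

// processPieceVulnerable reproduces the bug pattern: n is declared but never
// assigned, so Go's zero value (0) is added for every piece and the limit
// check below can never fire, however much data is really transferred.
func processPieceVulnerable(t *Task, result pieceResult) error {
	var n int64 // declared, never assigned: always 0
	t.UsedTraffic += n
	if t.UsedTraffic > t.TrafficLimit {
		return errTrafficExceeded
	}
	return nil
}

// processPieceFixed accounts for the bytes that were actually transferred.
func processPieceFixed(t *Task, result pieceResult) error {
	t.UsedTraffic += result.Size
	if t.UsedTraffic > t.TrafficLimit {
		return errTrafficExceeded
	}
	return nil
}

// runPieces feeds a series of piece sizes through handler and reports how
// many pieces were accepted before the limit stopped the task, together
// with the traffic the task believes it used.
func runPieces(limit int64, sizes []int64, handler func(*Task, pieceResult) error) (accepted int, used int64) {
	t := &Task{TrafficLimit: limit}
	for _, s := range sizes {
		if err := handler(t, pieceResult{Size: s}); err != nil {
			break
		}
		accepted++
	}
	return accepted, t.UsedTraffic
}

func main() {
	// Constructed input: four 4-byte pieces against a 10-byte limit.
	sizes := []int64{4, 4, 4, 4}
	a, u := runPieces(10, sizes, processPieceVulnerable)
	fmt.Printf("vulnerable: accepted %d pieces, usedTraffic=%d (limit never enforced)\n", a, u)
	a, u = runPieces(10, sizes, processPieceFixed)
	fmt.Printf("fixed:      accepted %d pieces, usedTraffic=%d\n", a, u)
}
```

The vulnerable handler accepts all four pieces and reports zero traffic; the fixed one stops after two, once the third piece pushes the count past the limit. go vet does not flag the vulnerable version, since n is "used" in the addition, which is why a test that drives the counter past the limit is the cheaper guard.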
BIT-NIFI-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References
Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting specially crafted ASN.1 Object Identifiers, potentially leading to service disruption...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data. An authenticated attacker can read arbitrary files by double writing the param used during deserialization. Details Serialization is a process of converting an object into a sequence of bytes which can...
PT-2025-4961 · Unknown · Google Map With Fancybox
Name of the Vulnerable Software and Affected Versions: Google Map With Fancybox versions prior to 2.1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for Cross-site Scripting (XSS). Specifically, it enables Reflected XSS...
PT-2024-10215 · Apache · Apache Nifi
Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.10.0 through 2.0.0 Description: The issue is related to missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers when creating new Process...
PT-2024-40361 · Surrealdb · Surrealdb
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.1.0 Description: The issue arises when using an ORDER BY clause with the rand function for sorting table records, which can cause a panic due to a comparison function that does not implement total order. This can...
PT-2024-31397 · Phpoffice · Phpspreadsheet
Name of the Vulnerable Software and Affected Versions: PHPSpreadsheet versions prior to 2.1.0 Description: The issue concerns the PhpOfficePhpSpreadsheetWriterHtml component, which fails to sanitize spreadsheet styling information, such as font names. This allows an attacker to inject arbitrary...
PT-2024-28715 · Zot · Zot
Name of the Vulnerable Software and Affected Versions: zot versions prior to 2.1.0 Description: The cache driver GetBlob in zot, an OCI image registry, allows read access to any blob without an access control check. If a Zot accessControl policy allows users read access to some repositories but...
PT-2023-29925 · Kimai · Kimai
Name of the Vulnerable Software and Affected Versions: Kimai versions prior to 2.1.0 Description: Kimai, a web-based multi-user time-tracking application, is vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a...
PT-2023-26420 · Apache · Apache Felix Healthcheck Webconsole Plugin
Name of the Vulnerable Software and Affected Versions: Apache Felix Healthcheck Webconsole Plugin versions 2.0.2 and prior Description: An improper neutralization of input during web page generation, also known as Cross-site Scripting, may allow an attacker to perform a reflected cross-site...
PT-2023-23520 · Froxlor · Froxlor
Name of the Vulnerable Software and Affected Versions: froxlor/froxlor versions prior to 2.1.0 Description: Session IDs are not regenerated appropriately, which may allow session fixation. Recommendations: For versions prior to 2.1.0, update to...
PT-2023-2986 · Oracle · Mysql Server
Name of the Vulnerable Software and Affected Versions: EaseProbe versions prior to 2.1.0 Description: The issue is related to an SQL injection problem in EaseProbe when using MySQL/PostgreSQL data checking. This occurs due to a lack of protection measures for the SQL query structure, allowing an...
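The query-construction weakness this entry describes, as an added example in Go (EaseProbe's implementation language); this is not EaseProbe's code and the function names are this example's own. The vulnerable form splices table, column and condition into the query text verbatim; the hardened form allow-lists and quotes the identifiers, which cannot be bound as parameters, and passes the lookup value as a bound argument for database/sql's QueryRow(query, args...).

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// identRe is the allow-list for identifiers that must be spliced into the
// query text (database/sql cannot bind table or column names as parameters).
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]*$`)

// buildCheckQueryVulnerable shows the pattern the advisory describes: every
// part of the query, including the WHERE condition, is interpolated as-is.
// Whoever controls any of these strings controls the query structure.
func buildCheckQueryVulnerable(table, column, condition string) string {
	return fmt.Sprintf("SELECT %s FROM %s WHERE %s", column, table, condition)
}

// quoteIdent wraps an already-validated identifier in SQL standard double
// quotes (MySQL needs the ANSI_QUOTES mode for this, or backticks instead).
func quoteIdent(id string) string {
	return `"` + strings.ReplaceAll(id, `"`, `""`) + `"`
}

// buildCheckQuery is the hardened form (a hypothetical helper): identifiers
// are checked against the allow-list and quoted, the lookup value becomes a
// bound parameter, and the caller gets query text and argument list
// separately. The "?" placeholder is MySQL style; PostgreSQL uses $1.
func buildCheckQuery(table, column, keyColumn string, keyValue interface{}) (string, []interface{}, error) {
	for _, id := range []string{table, column, keyColumn} {
		if !identRe.MatchString(id) {
			return "", nil, fmt.Errorf("invalid SQL identifier %q", id)
		}
	}
	q := fmt.Sprintf("SELECT %s FROM %s WHERE %s = ?",
		quoteIdent(column), quoteIdent(table), quoteIdent(keyColumn))
	return q, []interface{}{keyValue}, nil
}

func main() {
	// Constructed inputs: a hostile condition and a hostile table name.
	fmt.Println(buildCheckQueryVulnerable("users", "count(*)", "id = 1; DROP TABLE users; --"))

	if _, _, err := buildCheckQuery("users; DROP TABLE users", "id", "name", "alice"); err != nil {
		fmt.Println("rejected:", err)
	}
	q, args, err := buildCheckQuery("users", "id", "name", "x' OR 1=1 --")
	if err != nil {
		panic(err)
	}
	fmt.Printf("query: %s  args: %q\n", q, args)
}
```

The vulnerable builder emits the DROP TABLE statement as part of the query; the hardened one rejects the bad table name and, for the hostile value, produces `SELECT "id" FROM "users" WHERE "name" = ?` with the value carried only in args, where the driver sends it as data rather than SQL text.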