Lucene search
K

8311 matches found

Cvelist
Cvelist
added 2026/07/07 10:47 p.m.30 views

CVE-2026-55078 Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no...

6.5CVSS0.00602EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/07 10:47 p.m.6 views

CVE-2026-55078

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no...

6.5CVSS6AI score0.00602EPSS
Exploits0References7Affected Software1
Nuclei
Nuclei
added 2026/07/07 4:50 p.m.85 views

Cisco VPN Routers - Unauthenticated Arbitrary File Upload

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement...

9.8CVSS6.9AI score0.88874EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/07 1:32 p.m.6 views

EUVD-2026-42041

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References10
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-2077 Zope vulnerable to Stored Cross Site Scripting with SVG images

Impact There is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user...

3.7CVSS5.6AI score0.00599EPSS
Exploits1References8
NVD
NVD
added 2026/07/07 6:16 a.m.9 views

CVE-2026-10834

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

4.6CVSS0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 6:0 a.m.18 views

CVE-2026-10834

The CVE covers the WP Travel Engine WordPress plugin (pre-6.8.1) where input validation for a user-supplied profile image path is insufficient before the file is moved. The vulnerability allows authenticated users with subscriber-level access or higher to relocate arbitrary files within the WordP...

4.6CVSS6AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 6:0 a.m.36 views

CVE-2026-10834 WP Travel Engine < 6.8.1 - Subscriber+ Arbitrary Media File Move via user_profile_image

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

0.00142EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 6:0 a.m.7 views

EUVD-2026-42010

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

6AI score0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:34 a.m.5 views

CVE-2026-57871

Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS6AI score0.00361EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 3:3 a.m.4 views

CVE-2026-42145 Coolify: File Upload Without Type or Size Validation in Database Backup Restore

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...

3.1CVSS5.9AI score0.0025EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/07 3:3 a.m.7 views

CVE-2026-42145

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the file upload endpoint app/Http/Controllers/UploadController.php for database backup restore uploads did not enforce file type or size validation, allowing an authenticat...

3.1CVSS5.9AI score0.0025EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56138

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.474 Description An issue exists in the file upload endpoint app/Http/Controllers/UploadController.php used for database backup restore uploads. The system fails to enforce file type or size validation, whic...

3.1CVSS6.1AI score0.0025EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56146

Name of the Vulnerable Software and Affected Versions WP Travel Engine versions prior to 6.8.1 Description Authenticated users with subscriber-level access and above can relocate arbitrary files within the WordPress uploads directory into their own profile-image path. This occurs because the plug...

4.6CVSS6.2AI score0.00142EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/07/06 9:6 p.m.9 views

Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service

Summary POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer. Note: Exploitation requires authenticated file-upload access and the impact i...

6.5CVSS6AI score0.00602EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/06 9:6 p.m.8 views

GHSA-2MG2-P7R7-G27F Coder: Zip upload decompression lacks aggregate size limit, enabling denial of service

Summary POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer. Note: Exploitation requires authenticated file-upload access and the impact i...

6.5CVSS6AI score0.00602EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 7:41 p.m.5 views

EUVD-2026-41914

vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLMMAXAUDIOCLIPFILESIZEMB...

6.5CVSS6AI score0.00289EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:41 p.m.6 views

CVE-2026-55646

vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLMMAXAUDIOCLIPFILESIZEMB...

6.5CVSS6AI score0.00289EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-812 OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service

OpenStack Image Service Glance before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting images that are being uploaded using a token that expires during the process. NOTE: this...

6.8CVSS6AI score0.02376EPSS
Exploits0References11
CVE
CVE
added 2026/07/06 6:0 a.m.17 views

CVE-2026-11962

The FileOrganizer WordPress plugin before 1.2.0 does not validate file types on several file-management operations, enabling authenticated users with file-manager access — extended to sub-administrator roles via the premium add‑on — to upload arbitrary PHP files and achieve remote code execution....

8.8CVSS6.3AI score0.00435EPSS
Exploits0References1
Rows per page
Query Builder