61 matches found
CVE-2026-34263
Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...
CVE-2026-34263
Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...
CVE-2026-41269
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally...
CVE-2026-20115
A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by...
CVE-2026-25962 MarkUs: Zip bomb in config upload enables DoS
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...
CVE-2026-25962 MarkUs: Zip bomb in config upload enables DoS
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...
CVE-2026-25962 MarkUs: Zip bomb in config upload enables DoS
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip...
CVE-2026-25962
MarkUs (web application for student submissions and grading) is vulnerable prior to version 2.9.4 due to zip extraction without size or entry-count limits. This can allow a DoS via crafted zip uploads (e.g., for configuration or submissions). The issue is patched in version 2.9.4. If exploiting, ...
CVE-2026-27807 MarkUs: YAML alias (‘billion laughs’) DoS in config upload
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities e.g., assignment settings. These YAML files are parsed with aliases enabled. This issue has been patch...
CVE-2026-27807 MarkUs: YAML alias (‘billion laughs’) DoS in config upload
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities e.g., assignment settings. These YAML files are parsed with aliases enabled. This issue has been patch...
CVE-2026-27807 MarkUs: YAML alias (‘billion laughs’) DoS in config upload
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities e.g., assignment settings. These YAML files are parsed with aliases enabled. This issue has been patch...
EUVD-2025-208329
An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...
CVE-2026-25057 Zip Slip in MarkUs config upload allowing RCE
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...
CVE-2026-25057 Zip Slip in MarkUs config upload allowing RCE
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...
CVE-2026-25057
CVE-2026-25057 affects MarkUs prior to version 2.9.1. Instructors can upload a zip file to create an assignment from an exported configuration, and the zip entry names are used to construct paths for writing files to disk without validating those paths. This can allow arbitrary path usage during ...
CVE-2026-25057 Zip Slip in MarkUs config upload allowing RCE
MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003822)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003822 advisory. Two memory leaks in the sja1105staticconfigupload function in drivers/net/dsa/sja1105/sja1105spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003681)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003681 advisory. Two memory leaks in the sja1105staticconfigupload function in drivers/net/dsa/sja1105/sja1105spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial...
CVE-2025-41717
An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation 'Code...
CVE-2025-41717
An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to improper control of code generation 'Code...