39 matches found
EUVD-2026-29440
multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception...
CVE-2026-8161
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...
Astra Linux – Vulnerability in Python-Django
A issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files...
Security update for python-python-multipart
This update for python-python-multipart fixes the following issue: CVE-2026-40347: crafted multipart/form-data can cause a denial of service bsc1262403. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Updated python-tornado packages fix security vulnerabilities
Tornado vulnerable to Header Injection and XSS via reason argument. CVE-2025-67724 Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing. CVE-2025-67725 Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters. CVE-2025-67726...
Important: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as havin...
AlmaLinux 8 : pcs (ALSA-2026:0930)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:0930 advisory. tornado: Tornado Quadratic DoS via Repeated Header Coalescing CVE-2025-67725 tornado: Tornado Quadratic DoS via Crafted Multipart Parameters CVE-2025-6772...
RLSA-2026:0930 Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: tornado: Tornado Quadratic DoS via Repeated Header Coalescing CVE-2025-67725 tornado: Tornado Quadratic DoS via Crafted Multipart Parameters CVE-2025-67726 For more details about...
ALSA-2026:0930 Moderate: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: tornado: Tornado Quadratic DoS via Repeated Header Coalescing CVE-2025-67725 tornado: Tornado Quadratic DoS via Crafted Multipart Parameters CVE-2025-67726 For more details about...
Unauthenticated RCE in React Server Components (React2Shell)
A critical unauthenticated Remote Code Execution RCE vulnerability exists in React Server Components RSC Flight protocol. The vulnerability allows attackers to achieve prototype pollution during deserialization of RSC payloads by sending specially crafted multipart requests with "proto",...
Exploit for CVE-2025-55182
react2shell-scanner A command-line tool for detecting CVE-202...
OESA-2025-1996 python-werkzeug security update
A comprehensive WSGI web application library Security Fixes: Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal...
Linux Distros Unpatched Vulnerability : CVE-2025-4948
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the soupmultipartnewfrommessage function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web...
libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup
A flaw was found in the soupmultipartnewfrommessage function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal...
libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup
A flaw was found in the soupmultipartnewfrommessage function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal...
AZL-61921 CVE-2025-4948 affecting package libsoup for versions less than 3.0.4-9
A flaw was found in the soupmultipartnewfrommessage function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal...
SUSE CVE-2024-30251
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST multipart/form-data request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further request...
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...
SUSE CVE-2024-9393
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...
Mirage
It is an offensive tool for web exploitation. The tool targets t...