Lucene search
K

38 matches found

Nuclei
Nuclei
added yesterday19 views

dash-uploader 0.1.0 - 0.7.0a2 - Denial-of-Service via flowTotalChunks

fohrloop dash-uploader v0.1.0 through v0.7.0a2 contains a remote code execution caused by improper handling in Upload function and maxfilesize parameter in dashuploader components, letting remote attackers execute arbitrary code, exploit requires crafted request. id: CVE-2026-38361 info: name:...

7.5CVSS7.9AI score0.02643EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday15 views

dash-uploader 0.1.0 - 0.7.0a2 - Unauthenticated Arbitrary File Write via Path Traversal

fohrloop dash-uploader v0.1.0 through v0.7.0a2 contains a directory traversal vulnerability caused by improper handling in dashuploader/httprequesthandler.py components, letting remote attackers execute arbitrary code, exploit requires no special privileges. id: CVE-2026-38360 info: name:...

9.8CVSS7.6AI score0.05982EPSS
Exploits4References4
OSV
OSV
added 3 days ago5 views

PYSEC-2026-320 dash-uploader has a directory traversal vulnerability

Impact An unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dashuploader/httprequesthandler.py reads three form parameters uploadid, resumableFilename, resumableIdentifier from request.form.get and passes the...

9.8CVSS6.1AI score0.05982EPSS
Exploits4References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.14 views

CVE-2026-38360

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, BaseHttpRequestHandler.gettemproot, BaseHttpRequestHandler.post components...

9.8CVSS6.2AI score0.05982EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.8 views

CVE-2026-38361

Multiple unauthenticated denial-of-service DoS issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-upload handler dashuploader/httprequesthandler.py, dashuploader/upload.py trusts unsanitized, attacker-controlled upload parameters e.g. flowTotalChunks and does not enforce the...

7.5CVSS5.5AI score0.02643EPSS
Exploits5References1
OSV
OSV
added 2026/05/08 6:31 p.m.6 views

GHSA-3RF6-X59V-5JFV dash-uploader has a directory traversal vulnerability

Impact An unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dashuploader/httprequesthandler.py reads three form parameters uploadid, resumableFilename, resumableIdentifier from request.form.get and passes the...

9.8CVSS6AI score0.05982EPSS
Exploits4References8
EUVD
EUVD
added 2026/05/08 6:31 p.m.13 views

EUVD-2026-28802

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, aseHttpRequestHandler.gettemproot, BaseHttpRequestHandler.post components...

9.8CVSS6.2AI score0.05982EPSS
Exploits4References7
vulnersOsv
vulnersOsv
added 2026/05/08 6:31 p.m.7 views

aurora-cycler-manager (>=0.10.0 <=0.11.4), fusion-tools (>=3.6.19 <=3.6.90) +9 more potentially affected by CVE-2026-38360 via dash-uploader (>=0.6.0 <=0.7.0a2)

dash-uploader PYPI version =0.6.0, =0.10.0, =3.6.19, =0.0.11, =0.0.30, =0.2.4b0, =0.0.50.0, =0.1.7.3, =2.0.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38360 Source advisory: OSV:GHSA-3RF6-X59V-5JFV...

9.8CVSS7.2AI score0.05982EPSS
Exploits4
Github Security Blog
Github Security Blog
added 2026/05/08 6:31 p.m.9 views

dash-uploader has a directory traversal vulnerability

Impact An unauthenticated path traversal vulnerability exists in dash-uploader versions 0.1.0 through 0.7.0a2. The library's HTTP request handler at dashuploader/httprequesthandler.py reads three form parameters uploadid, resumableFilename, resumableIdentifier from request.form.get and passes the...

9.8CVSS6AI score0.05982EPSS
Exploits4References8Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/08 6:28 p.m.9 views

aurora-cycler-manager (>=0.10.0 <=0.11.4), fusion-tools (>=3.6.19 <=3.6.90) +9 more potentially affected by CVE-2026-38360 via dash-uploader (>=0.6.0 <=0.7.0a2)

dash-uploader PYPI version =0.6.0, =0.10.0, =3.6.19, =0.0.11, =0.0.30, =0.2.4b0, =0.0.50.0, =0.1.7.3, =2.0.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38360 Source advisory: SNYK:PYTHON-DASHUPLOADER-16635838...

9.8CVSS7.2AI score0.05982EPSS
Exploits4
Snyk
Snyk
added 2026/05/08 6:28 p.m.6 views

Directory Traversal

Overview dash-uploader is an Upload large files using resumable.js Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied input in the gettemproot and post functions. An attacker can gain unauthorized access to files and execute arbitrary...

9.8CVSS6.5AI score0.05982EPSS
Exploits4References2
NVD
NVD
added 2026/05/08 5:16 p.m.14 views

CVE-2026-38360

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, BaseHttpRequestHandler.gettemproot, BaseHttpRequestHandler.post components...

9.8CVSS0.05982EPSS
Exploits4References8
vulnersOsv
vulnersOsv
added 2026/05/08 4:31 p.m.9 views

aurora-cycler-manager (>=0.10.0 <=0.11.4), fusion-tools (>=3.6.19 <=3.6.90) +9 more potentially affected by CVE-2026-38361 via dash-uploader (>=0.6.0 <=0.7.0a2)

dash-uploader PYPI version =0.6.0, =0.10.0, =3.6.19, =0.0.11, =0.0.30, =0.2.4b0, =0.0.50.0, =0.1.7.3, =2.0.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38361 Source advisory: SNYK:PYTHON-DASHUPLOADER-16635848...

7.5CVSS7AI score0.02643EPSS
Exploits5
Snyk
Snyk
added 2026/05/08 4:31 p.m.8 views

Arbitrary Code Injection

Overview dash-uploader is an Upload large files using resumable.js Affected versions of this package are vulnerable to Arbitrary Code Injection via improper handling of the Upload function and the maxfilesize parameter in the affected components. An attacker can execute arbitrary code remotely by...

9.2CVSS6.2AI score0.02643EPSS
Exploits5References2
EUVD
EUVD
added 2026/05/08 3:31 p.m.9 views

EUVD-2026-28645

An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, dashuploader/upload.py in the Upload function and maxfilesize parameter, dashuploader/configureupload.py components...

7.5CVSS6.2AI score0.02643EPSS
Exploits5References10
OSV
OSV
added 2026/05/08 3:16 p.m.6 views

PYSEC-2026-37

An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, dashuploader/upload.py in the Upload function and maxfilesize parameter, dashuploader/configureupload.py components...

7.5CVSS6.2AI score0.02643EPSS
Exploits5References9
NVD
NVD
added 2026/05/08 3:16 p.m.8 views

CVE-2026-38361

Multiple unauthenticated denial-of-service DoS issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-upload handler dashuploader/httprequesthandler.py, dashuploader/upload.py trusts unsanitized, attacker-controlled upload parameters e.g. flowTotalChunks and does not enforce the...

7.5CVSS0.02643EPSS
Exploits5References11
vulnersOsv
vulnersOsv
added 2026/05/08 3:16 p.m.9 views

aurora-cycler-manager (=0.11.4), fusion-tools (>=3.6.19 <=3.6.90) +7 more potentially affected by CVE-2026-38361 via dash-uploader (>=0.6.0 <=0.6.1)

dash-uploader PYPI version =0.6.0, =3.6.19, =0.0.11, =0.0.30, =0.0.50.0, =0.2.1, =0.2.0, =0.4.1 Source cves: CVE-2026-38361 Source advisory: OSV:PYSEC-2026-37...

7.5CVSS7AI score0.02643EPSS
Exploits5
PyPA
PyPA
added 2026/05/08 3:16 p.m.16 views

PYSEC-2026-37

An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, dashuploader/upload.py in the Upload function and maxfilesize parameter, dashuploader/configureupload.py components...

7.5CVSS6.2AI score0.02643EPSS
Exploits5References9Affected Software1
CVE
CVE
added 2026/05/08 12:0 a.m.17 views

CVE-2026-38361

CVE-2026-38361 affects fohrloop/dash-uploader (versions 0.1.0–0.7.0a2). The flaw resides in dash_uploader/httprequesthandler.py and related components where attacker-controlled resumableTotalChunks and related parameters enable unbounded memory allocation (OOM) and a file-truncation path, leading...

7.5CVSS5.5AI score0.02643EPSS
Exploits5References11Affected Software1
Rows per page
Query Builder