Lucene search
K

116 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-55079

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a...

6.5CVSS0.00611EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/07/06 8:54 p.m.6 views

Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service

Summary NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a DataUpload message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the FileSize value itself was unconstrained Impact An authenticated user able to...

6.5CVSS6AI score0.00611EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/07/06 8:54 p.m.5 views

GHSA-F962-QM93-MJ4C Coder's unbounded memory allocation in provisioner file upload allows authenticated denial of service

Summary NewDataBuilder in provisionersdk/proto/dataupload.go allocated a byte slice using the client-supplied FileSize from a DataUpload message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the FileSize value itself was unconstrained Impact An authenticated user able to...

4.9CVSS6AI score0.00611EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-56069

Name of the Vulnerable Software and Affected Versions coder versions prior to 2.34.2 coder versions prior to 2.33.8 coder versions prior to 2.32.7 coder versions prior to 2.29.17 Description An authenticated user can trigger a denial of service by sending a small message with an excessively large...

4.9CVSS6AI score0.00611EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/07/01 8:43 p.m.7 views

Moderate: Red Hat Security Advisory: General availability of the satellite/iop-host-inventory-rhel9 container image

A new satellite/iop-host-inventory-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services,...

8.2CVSS6.1AI score0.01438EPSS
Exploits2References7
CVE
CVE
added 2026/07/01 11:58 a.m.22 views

CVE-2026-53906

CVE-2026-53906 affects MCO’s file handling for data export and upload. The underlying issue is improper validation of the filename parameter, allowing path traversal and the potential to write files to arbitrary locations, along with indirect disclosure of absolute server paths via error messages...

8.2CVSS5.9AI score0.00339EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/25 8:40 p.m.10 views

MAL-2026-6474 Malicious code in ref-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...

5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.13 views

CVE-2026-11333

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboardpage/forms/uploadstudentdata.php of the component Student Data...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 1:45 p.m.13 views

EUVD-2026-34835

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboardpage/forms/uploadstudentdata.php of the component Student Data...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/05 1:45 p.m.10 views

CVE-2026-11333 tittuvarghese CollegeManagementSystem Student Data Upload Endpoint upload_student_data.php unrestricted upload

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboardpage/forms/uploadstudentdata.php of the component Student Data...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References6
CVE
CVE
added 2026/06/05 1:45 p.m.22 views

CVE-2026-11333

CVE-2026-11333 affects the tittuvarghese CollegeManagementSystem. The vulnerability is in an unknown function within the dashboard_page/forms/upload_student_data.php component of the Student Data Upload Endpoint. Manipulation of the Student-Data-CSV argument enables unrestricted file upload, with...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-46959

A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unknown function of the file dashboard page/forms/upload student data.php of the component Student Data...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:43 a.m.11 views

CVE-2026-8689

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...

4.3CVSS5.9AI score0.00242EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/05/12 7:38 p.m.11 views

CVE-2026-41685

A flaw was found in Incus, a system container and virtual machine manager. Authenticated users can exploit this vulnerability by uploading a large amount of data, which can exhaust the Incus server's disk space. This can lead to a Denial of Service DoS condition, potentially taking down the host...

4.3CVSS5.7AI score0.00333EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/11 12:24 p.m.25 views

Important: Red Hat Security Advisory: General availability of the satellite/iop-ingress-rhel9 container image

A new satellite/iop-ingress-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.11 views

SUSE SLES15 Security Update : python-Django (SUSE-SU-2026:1740-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1740-1 advisory. This update for python-Django fixes the following issues - CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header...

9.8CVSS5.9AI score0.00879EPSS
Exploits1References25
SUSE Linux
SUSE Linux
added 2026/05/07 7:0 a.m.12 views

Security update for python-Django

This update for python-Django fixes the following issues CVE-2026-3902: headers spoofing by exploiting an ambiguous mapping of two header variants in ASGIRequest requests bsc1261729. CVE-2026-4277: permissions on inline model instances were not validated on submission of forged POST data in...

6.9CVSS5.8AI score0.00879EPSS
Exploits1References32
VulnCheck KEV
VulnCheck KEV
added 2026/04/20 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-2749

An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...

7.2CVSS6.5AI score0.03854EPSS
In wildExploits1References2
SUSE CVE
SUSE CVE
added 2026/04/08 11:25 p.m.4 views

SUSE CVE-2026-33034

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

5.3CVSS5.8AI score0.00769EPSS
Exploits0References5
NVD
NVD
added 2026/04/07 3:17 p.m.10 views

CVE-2026-33034

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS0.00769EPSS
Exploits0References3
Rows per page
Query Builder