CVE-2025-66838
The CVE describes an issue in ARIS prior to version 10.0.23.0.3587512 where the file upload function does not enforce rate limiting/throttling. This allows an attacker to upload a large volume of files at an unrestricted rate, potentially causing resource exhaustion such as disk space depletion, ...
CVE-2025-13283
TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...
CVE-2025-64485
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the...
PT-2025-45521
Name of the Vulnerable Software and Affected Versions: CVAT versions 2.4.0 through 2.48.1. Description: CVAT is an interactive video and image annotation tool for computer vision. A user with the User global role can potentially create or overwrite files in the root of a mounted file share. If a fil...
CVE-2025-5986
A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...
CVE-2025-3877
...
xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk...
DEBIAN-CVE-2019-11048
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead the PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleanin...
wwwboard-bomb.txt
WWWBoard v2.0 ALPHA Vulnerability. Recently, many vulnerabilities have been found in the popular WWWBoard script written by Matt Wright; this is yet another. When the followup value in a form posted to the WWWBoard script contains the same post number twice, the script follows up to that post twic...