Lucene search
K

807 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/22 7:7 a.m.6 views

CVE-2026-6022

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...

7.5CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 7:7 a.m.5 views

CVE-2026-6022 Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX

In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion...

7.5CVSS5.8AI score0.00288EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/17 3:31 p.m.10 views

EUVD-2024-55542

Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/17 8:11 a.m.7 views

CVE-2026-6434

A flaw was found in rust-coreutils. The uusort utility creates temporary files with insecure permissions readable and writable by all local users when performing external sorting. Additionally, these temporary files are not reliably removed if the uusort program terminates unexpectedly due to...

5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils. This vulnerability arises from the uusort utility creating temporary files with insecure permissions during the execution of external sorting operations. Thes...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/04/17 12:0 a.m.6 views

Incomplete Cleanup

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Incomplete Cleanup via multipart request...

7.1CVSS5.5AI score0.00344EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/15 5:31 p.m.2 views

tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service

A denial of service flaw has been discovered in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete...

5.3CVSS6.6AI score0.01139EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/15 9:51 a.m.7 views

CVE-2024-33618

Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References2Affected Software8
CVE
CVE
added 2026/04/15 9:51 a.m.16 views

CVE-2024-33618

CVE-2024-33618 affects Bosch VMS Central Server (Bosch VMS 12.0.1). The issue is uncontrolled resource consumption that can cause excessive disk-space usage over the network interface. The provided documents do not specify the root cause details, vulnerable component version ranges beyond 12.0.1,...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

Bosch VMS Central Server 安全漏洞

Bosch VMS Central Server is a core server component of the video management system developed by the German company Bosch. Version 12.0.1 of Bosch VMS Central Server contains a security vulnerability. This vulnerability stems from uncontrolled consumption of network interface resources, which coul...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.8 views

PT-2026-33033

CVE-2024-33618 Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface. https://t.co/8se9odIyBk...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.10 views

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the safeextractall function not checking the size, cumulative size, or quantity of archived files...

6.5CVSS5.8AI score0.00243EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/04/04 4:29 p.m.2 views

tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service

A denial of service flaw has been discovered in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete...

5.3CVSS6.6AI score0.01139EPSS
Exploits0References6
OSV
OSV
added 2026/04/02 5:16 p.m.2 views

DEBIAN-CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS5.3AI score0.00369EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 5:16 p.m.7 views

CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS0.00369EPSS
Exploits0References4
CVE
CVE
added 2026/04/02 4:46 p.m.24 views

CVE-2026-34829

Rack is vulnerable to a Denial of Service caused by unbounded multipart file uploads when a request uses multipart/form-data without a Content-Length header. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO if CONTENT_LENGTH exists; w...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/02 4:46 p.m.22 views

CVE-2026-34829 Rack: Denial of Service via Unbounded Multipart File Upload Without Content-Length

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS0.00369EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-29817

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack's Rack::Multipart::Parser does not limit the size of multipart uploads when a Content-Length header is not present, such as with HTTP chunked transfer encoding. Specifically, wh...

7.8CVSS5.9AI score0.0043EPSS
Exploits0References54
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29910

Summary Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENT LENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size...

7.5CVSS5.9AI score0.00369EPSS
Exploits0References4
NVD
NVD
added 2026/03/23 3:16 p.m.3 views

CVE-2026-33483

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the aVideoEncoderChunk.json.php endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthenticated remote attacker can send arbitrary POST data...

7.5CVSS0.00605EPSS
Exploits1References2
Rows per page
Query Builder