Lucene search
+L

964 matches found

CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Tesla 安全漏洞

Tesla is an HTTP client software open source by Elixir Tesla. Versions of Tesla from 0.8.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of escaping of the Content-Disposition parameter value, which could lead to multipart header injection attacks...

2.1CVSS5.3AI score0.00143EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/27 2:26 p.m.50 views

CVE-2026-47119 Agent Zero < 1.15 Stored XSS via image_get API Endpoint

Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the imageget API endpoint without Content-Security-Policy, X-Content-Type-Options, or Content-Dispositio...

6.1CVSS0.00236EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/27 12:37 a.m.13 views

Interpretation Conflict

Overview @hapi/content is a HTTP Content- headers parsing Affected versions of this package are vulnerable to Interpretation Conflict due to inconsistent handling of duplicate parameters in the Content.disposition and Content.type functions. An attacker can bypass upload filename allowlists or...

8.6CVSS5.8AI score0.00052EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/27 12:37 a.m.21 views

@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters

Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...

7.7CVSS5.7AI score0.00052EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43630

Name of the Vulnerable Software and Affected Versions @rootio/hapi content versions prior to 6.0.2 Description Inconsistent duplicate parameter resolution in the Content.disposition and Content.type functions creates a parameter-smuggling primitive. While Content.disposition retains the last...

7.7CVSS5.3AI score0.00052EPSS
Exploits0References7
OSV
OSV
added 2026/05/26 4:56 p.m.4 views

CVE-2026-44729 Twenty: Stored Cross-Site Scripting via Unsanitized File Serving (Missing Content-Type/Content-Disposition Headers)

Twenty is an open source CRM. In 1.18.0 and earlier, the file serving endpoints in Twenty CRM at /files/ and /file/:fileFolder/:id serve uploaded files using fileStream.piperes without setting any Content-Type, Content-Disposition, or X-Content-Type-Options response headers. This allows an...

8.7CVSS5.9AI score0.00258EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.26 views

PT-2026-44139

Name of the Vulnerable Software and Affected Versions Symfony affected versions not specified Description The ParameterizedHeader class and related parameter handling in Headers fails to validate parameter names when serializing structured headers like Content-Type and Content-Disposition. While...

6.3CVSS6.1AI score0.00292EPSS
Exploits0References17
EUVD
EUVD
added 2026/05/20 5:48 p.m.17 views

EUVD-2026-31146

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended...

9.4CVSS6.5AI score0.00563EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 5:48 p.m.32 views

CVE-2026-9102 Path Traversal in Altium Enterprise Server ComparisonService Allows Arbitrary File Write

A path traversal vulnerability exists in the Altium Enterprise Server ComparisonService due to missing filename sanitization in the Gerber file upload APIs. A regular authenticated workspace user can supply a crafted filename in the multipart Content-Disposition header to escape the intended...

9.4CVSS0.00563EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Ruby-Rack

There is a denial-of-service vulnerability in the Content-Disposition parsing component of Rack, which was fixed in versions 2.0.9.2, 2.1.4.2, 2.2.4.1, and 3.0.0.1. This vulnerability could allow an attacker to create an input that causes the Content-Disposition header parsing in Rack to take an...

7.5CVSS6.6AI score0.01503EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could lead to reflected file download attacks that potentially trick users into installing malware. This vulnerability affects Firefox 112, Focu...

8.8CVSS7.1AI score0.00737EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in ruby-sinatra

Sinatra is a domain-specific language for creating web applications in Ruby. A vulnerability was discovered in Sinatra 2.0 before versions 2.2.3 and 3.0 before version 3.0.4. The application is vulnerable to a reflected file download RFD attack, which causes the Content-Disposition header of a...

8.8CVSS6.9AI score0.00642EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libsoup2.4

A use-after-free vulnerability was discovered in libsoup, within the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

9CVSS7AI score0.0091EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

In multipart/x-mixed-replace responses, the Content-Disposition: attachment header in the response was not respected, and no download was forced, which could allow XSS attacks. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...

6.1CVSS6.8AI score0.00572EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:40 p.m.16 views

Regular Expression Denial of Service (ReDoS)

Overview multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Content-Disposition filename parameter parsing. An attacker can cause excessive resource consumption and block the...

8.7CVSS5.8AI score0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/18 5:40 p.m.13 views

EUVD-2026-29439

multiparty vulnerable to ReDoS via filename parsing...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References5
OSV
OSV
added 2026/05/18 5:40 p.m.9 views

GHSA-65X3-RW7Q-GX94 multiparty vulnerable to ReDoS via filename parsing

Impact [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A multipart upload with a long header value containing !filename="1 repeated can cause regex matching to take seconds, blocking...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/18 5:40 p.m.12 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the Content-Disposition filename parameter parsing. An attacker can cause excessive resource consumption...

8.7CVSS5.8AI score0.00335EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 5:40 p.m.22 views

multiparty vulnerable to ReDoS via filename parsing

Impact [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A multipart upload with a long header value containing !filename="1 repeated can cause regex matching to take seconds, blocking...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 5:35 p.m.37 views

multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder