CVE-2026-27860

If authusernamechars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out authusernamechars, or install fixed version. No publicly available exploits are...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in multer-1.4.4-lts.1.tgz

Summary IBM Watson Discovery Cartridge contains a vulnerable version of multer-1.4.4-lts.1.tgz Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to...

GHSA-G5HG-P3PH-G8QG Multer vulnerable to Denial of Service via unhandled exception

Impact A vulnerability in Multer versions =1.4.4-lts.1, 2.0.1 allows an attacker to trigger a Denial of Service DoS by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process. Patches Users should upgrade to 2.0...

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in makeMiddleware, when processing a file upload request. An attacker can cause the application to crash by sending a request with a field name containing an empty string. Remediation A fix was pushed into the master...

CVE-2025-48997

Summary of CVE-2025-48997 (Multer DoS) : Multer, a Node.js middleware for multipart/form-data, is vulnerable starting in version 1.4.4-lts.1 up to but not including 2.0.1. An attacker can trigger a Denial of Service by sending an upload request with an empty string field name, causing an unhandle...

Multer 安全漏洞

Multer is an expressjs open source middleware for Node.js. A security vulnerability exists in Multer versions 1.4.4-lts.1 through prior to 2.0.1, which stems from an upload file request with an empty string field name that could result in a denial of service...

GHSA-7Q22-X757-CMGC Withdrawn Advisory: Symfony http-security has authentication bypass

Withdrawn Advisory This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046. Original Description In Symfony, a security vulnerability was identified in...

CVE-2024-36611

In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...

Null pointer dereference

The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty field that should have contained a hostname or IP address...

CVE-2017-7458

Removed by vendor...