4724 matches found
CVE-2025-48997
Summary of CVE-2025-48997 (Multer DoS) : Multer, a Node.js middleware for multipart/form-data, is vulnerable starting in version 1.4.4-lts.1 up to but not including 2.0.1. An attacker can trigger a Denial of Service by sending an upload request with an empty string field name, causing an unhandle...
CVE-2025-48997 Multer vulnerable to Denial of Service via unhandled exception
Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes ...
Multer security vulnerability
Multer is an Express.js open source middleware for Node.js. A security vulnerability exists in Multer versions 1.4.4-lts.1 up to, but not including, 2.0.1, which stems from an upload file request with an empty string field name that could result in a denial of service...
Medium: mariadb105
Issue Overview: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. CVE-2023-52969 MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*,...
PT-2025-29027
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to the ASoC Advanced Linux Sound Architecture Intel audio subsystem. Specifically, the parse_int_array function does not adequately validate t...
MINI-RGHX-G2G4-R5F8
Bulletin has no description...
MINI-4987-MXJX-5F92
Bulletin has no description...
kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung
An out-of-bounds read vulnerability exists in the ppp_sync_txmunge function in the Linux kernel's PPP subsystem. Insufficient bounds checking on incoming PPP packets may lead to a kernel crash if a packet with an empty or truncated payload is processed...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference due to the elf_gc_sweep function in the bfd/elflink.c file. An attacker can cause memory corruption and program crash by manipulating empty groups. This is only exploitable if the attacker has local access...
OESA-2025-1549 nss security update
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security...
CVE-2024-47221
CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...
CVE-2024-56375
An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a Manifest RPKI object containing an empty fileList. Fort dereferences and, shortly afterwards, writes to this array during a...
CVE-2024-38993
rjrodger/jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
CVE-2024-36611
In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...
CVE-2024-28744
The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user...
CVE-2024-37217
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS. This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8...
CVE-2024-6443
In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty...
CVE-2023-31476
An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www)...
CVE-2023-51987
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords...
CVE-2022-41232
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...