4724 matches found

CVE
added 2025/06/03 6:21 p.m., 199 views

CVE-2025-48997

Summary of CVE-2025-48997 (Multer DoS): Multer, a Node.js middleware for multipart/form-data, is vulnerable starting in version 1.4.4-lts.1 up to but not including 2.0.1. An attacker can trigger a Denial of Service by sending an upload request with an empty string field name, causing an unhandle...

8.7 CVSS, 5.3 AI score, 0.00368 EPSS
Exploits: 0, References: 4

OSV
added 2025/06/03 6:21 p.m., 5 views

CVE-2025-48997 Multer vulnerable to Denial of Service via unhandled exception

Multer is a Node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes ...

8.7 CVSS, 6.2 AI score, 0.00368 EPSS
Exploits: 0, References: 6

CNNVD
added 2025/06/03 12:00 a.m., 4 views

Multer Security Vulnerability

Multer is an expressjs open source middleware for Node.js. A security vulnerability exists in Multer versions 1.4.4-lts.1 through prior to 2.0.1, which stems from an upload file request with an empty string field name that could result in a denial of service...

8.7 CVSS, 6 AI score, 0.00368 EPSS
Exploits: 0, References: 5

Amazon
added 2025/06/02 12:00 a.m., 5 views

Medium: mariadb105

Issue Overview: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. CVE-2023-52969 MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*,...

6.8 CVSS, 5.6 AI score, 0.00432 EPSS
Exploits: 0

Positive Technologies
added 2025/05/30 12:00 a.m., 3 views

PT-2025-29027

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to the ASoC Advanced Linux Sound Architecture Intel audio subsystem. Specifically, the parse int array function does not adequately validate t...

5.5 CVSS, 6.5 AI score, 0.00145 EPSS
Exploits: 0

OSV
added 2025/05/29 1:10 a.m., 2 views

MINI-RGHX-G2G4-R5F8

Bulletin has no description...

5.5 CVSS, 7.8 AI score, 0.00214 EPSS
Exploits: 0

OSV
added 2025/05/29 1:08 a.m., 1 view

MINI-4987-MXJX-5F92

Bulletin has no description...

5.9 CVSS, 7.7 AI score, 0.01026 EPSS
Exploits: 0

RedHat Linux
added 2025/05/28 3:30 a.m., 4 views

kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung

An out-of-bounds read vulnerability exists in the ppp_sync_txmunge function in the Linux kernel's PPP subsystem. Insufficient bounds checking on incoming PPP packets may lead to a kernel crash if a packet with an empty or truncated payload is processed...

7.1 CVSS, 6.9 AI score, 0.00161 EPSS
Exploits: 0, References: 5

Snyk
added 2025/05/27 1:00 p.m., 1 view

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference due to the elf_gc_sweep function in the bfd/elflink.c file. An attacker can cause memory corruption and program crash by manipulating empty groups. This is only exploitable if the attacker has local access...

7.8 CVSS, 6.7 AI score, 0.00235 EPSS
Exploits: 1, References: 2

OSV
added 2025/05/23 2:00 p.m., 2 views

OESA-2025-1549 nss security update

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

6.5 CVSS, 8.6 AI score, 0.0063 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 10:35 a.m., 6 views

CVE-2024-47221

CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password...

7.5 CVSS, 6.9 AI score, 0.0035 EPSS
Exploits: 0

RedhatCVE
added 2025/05/23 9:07 a.m., 4 views

CVE-2024-56375

An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a Manifest RPKI object containing an empty fileList. Fort dereferences and, shortly afterwards, writes to this array during a...

7.5 CVSS, 6.9 AI score, 0.00442 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 9:02 a.m., 5 views

CVE-2024-38993

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

9.8 CVSS, 6.2 AI score, 0.00876 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 8:16 a.m., 4 views

CVE-2024-36611

In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...

7.5 CVSS, 5.9 AI score, 0.00761 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 7:45 a.m., 8 views

CVE-2024-28744

The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user...

8.8 CVSS, 7 AI score, 0.00298 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 7:42 a.m., 6 views

CVE-2024-37217

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS. This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8...

6.5 CVSS, 6.8 AI score, 0.00261 EPSS
Exploits: 0

RedhatCVE
added 2025/05/23 7:37 a.m., 13 views

CVE-2024-6443

In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty...

6.5 CVSS, 6.8 AI score, 0.00583 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 5:55 a.m., 6 views

CVE-2023-31476

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www)...

7.5 CVSS, 7.2 AI score, 0.00804 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 5:00 a.m., 7 views

CVE-2023-51987

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords...

9.8 CVSS, 6.9 AI score, 0.00916 EPSS
Exploits: 1

RedhatCVE
added 2025/05/22 11:42 p.m., 5 views

CVE-2022-41232

A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...

8 CVSS, 7.4 AI score, 0.00447 EPSS
Exploits: 0, References: 1