Lucene search
+L

49 matches found

RedhatCVE
RedhatCVE
added 2026/07/11 7:49 a.m.9 views

CVE-2026-52747

A flaw was found in ModSecurity, an open-source web application firewall WAF. The multipart/form-data request body parser in libmodsecurity incorrectly handles embedded line breaks in non-file form-field values. This discrepancy between ModSecurity and backend applications, which preserve line...

8.6CVSS6.1AI score0.00476EPSS
Exploits1References6
OSV
OSV
added 2026/07/10 10:16 p.m.2 views

UBUNTU-CVE-2026-52747

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS6AI score0.00476EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/10 9:42 p.m.34 views

CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS0.00476EPSS
Exploits1References3
NVD
NVD
added 2026/06/02 8:16 p.m.14 views

CVE-2026-48598

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

2.1CVSS0.00143EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-1556

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to...

6.9CVSS5.9AI score0.00391EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.13 views

OpenSource-WorkShop Connect-CMS 代码问题漏洞

OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of Connect-CMS prior to 1.41.0 and 2.41.0 contain code vulnerabilities due to cross-site scripting vulnerabilities in the Form Plugin file fields,...

8.2CVSS5.7AI score0.00197EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.5 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, “Rack::Multipart::Parser” stores non-file form fields fields without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes ...

7.5CVSS6.6AI score0.00528EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005314)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005314 advisory. Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a...

7.5CVSS7.1AI score0.00528EPSS
Exploits0References4
Veracode
Veracode
added 2025/11/24 5:46 a.m.9 views

Denial Of Service (DoS)

rack is vulnerable to Denial Of Service. The vulnerability is due to unbounded in-memory storage of non-file multipart form fields in Rack::Multipart::Parser, where attackers can send extremely large text fields that consume process memory and trigger OOM conditions, leading to DoS...

7.5CVSS7AI score0.00528EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2025/11/18 2:42 p.m.5 views

rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...

7.5CVSS6.7AI score0.00528EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/11 7:52 p.m.7 views

rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...

7.5CVSS6.7AI score0.00528EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/11 3:5 p.m.5 views

rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...

7.5CVSS6.7AI score0.00528EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/05 1:11 p.m.4 views

rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...

7.5CVSS6.7AI score0.00528EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/04 8:2 p.m.3 views

rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...

7.5CVSS6.7AI score0.00528EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/04 5:6 p.m.3 views

rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...

7.5CVSS6.7AI score0.00528EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/04 11:19 a.m.5 views

rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...

7.5CVSS6.7AI score0.00528EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/03 8:27 p.m.4 views

rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...

7.5CVSS6.7AI score0.00528EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2025/11/03 8:18 p.m.3 views

rack: Rack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...

7.5CVSS6.7AI score0.00528EPSS
Exploits0References8
Amazon
Amazon
added 2025/10/27 12:0 a.m.6 views

Important: pcs

Issue Overview: Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid...

7.5CVSS6.7AI score0.00868EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-61771

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a...

7.5CVSS6.9AI score0.00528EPSS
Exploits0References2
Rows per page
Query Builder