CVE-2026-35602 Vikunja has a File Size Limit Bypass via Vikunja Import
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By...
EUVD-2026-21429
Vikunja has File Size Limit Bypass via Vikunja Import...
Linux Distros Unpatched Vulnerability : CVE-2025-40179
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin a...
UBUNTU-CVE-2025-40179
In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...
EUVD-2004-1266
Malware in sbrugna...
EUVD-2006-3120
Malware in sbrugna...
EUVD-2005-2284
Malware in sbrugna...
EUVD-2024-0469
Malicious code in bioql PyPI...
EUVD-2024-3533
Malicious code in bioql PyPI...
EUVD-2025-30836
Malicious code in bioql PyPI...
EUVD-2022-7364
Malicious code in bioql PyPI...
EUVD-2022-34669
Malicious code in bioql PyPI...
Denial Of Service (DoS)
Liferay Portal is vulnerable to Denial of Service (DoS). The vulnerability is due to failure to enforce the 300kb file size limit on profile picture uploads, allowing oversized files that can degrade system performance...
Citrix NetScaler Automated backup job is failing after recent upgrade.
After upgrading to NetScaler firmware 13.1.56.x or later, attempts to download backup files using the Nitro API may fail. Customers using automation tools such as Ansible, Postman, or custom scripts may receive the following error when downloading files through the systemfile endpoint: Main...
Jmix Security Vulnerability
Jmix is a set of libraries and tools from Jmix, Inc. for accelerating Spring Boot data-centric application development. A security vulnerability exists in Jmix versions 1.0.0 through 1.6.1 and 2.0.0 through 2.3.4, which stems from an improper file size limitation and could result in a denial of...
CVE-2025-31486
Vite is a frontend tooling framework for JavaScript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with the sec-fetch-dest: script header, the server.fs.deny restriction could be bypassed. This bypass is only possible if the file is smaller than...
Linux Distros Unpatched Vulnerability : CVE-2022-48827
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NFSD: Fix the behavior of READ near OFFSETMAX Dan Aloni reports: Due to commit 8cfb9015280d NFS: Always provide aligned buffers to the RPC read layers on the...
Mattermost Data Amplification vulnerability
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin...
GHSA-V647-H8JJ-FW5R Mattermost Data Amplification vulnerability
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin...
CVE-2024-54682
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin...