Lucene search
K

1057 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 11:23 a.m.11 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS6.4AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 11:18 a.m.4 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS6.4AI score0.64718EPSS
Exploits1Affected Software1
OSV
OSV
added 2025/10/27 5:15 p.m.4 views

CVE-2025-27224

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

9.8CVSS6AI score0.00796EPSS
Exploits1References3
NVD
NVD
added 2025/10/27 5:15 p.m.4 views

CVE-2025-27224

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

9.8CVSS0.00796EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/27 12:0 a.m.5 views

CVE-2025-27224

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

6.7AI score0.00796EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.4 views

Rocket TRUfusion Enterprise 安全漏洞

Rocket TRUfusion Enterprise is a product lifecycle management platform from Rocket USA. A security vulnerability exists in Rocket TRUfusion Enterprise version 7.10.4.0 and earlier, which stems from not properly cleaning up inputs to the /trufusionPortal/fileupload endpoint, which could lead to a...

9.8CVSS6.8AI score0.00796EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.7 views

PT-2025-43987

Name of the Vulnerable Software and Affected Versions TRUfusion Enterprise versions through 7.10.4.0 Description The application does not properly sanitize input to the /trufusionPortal/fileupload endpoint, allowing path traversal sequences to be included. This can allow writing to any filename...

9.8CVSS7.2AI score0.00796EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/27 12:0 a.m.5 views

EUVD-2025-36212

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

6.6AI score0.00796EPSS
Exploits1References4
CVE
CVE
added 2025/10/27 12:0 a.m.22 views

CVE-2025-27224

TRUfusion Enterprise (versions up to 7.10.4.0) is affected by insecure handling of the /trufusionPortal/fileupload endpoint, where input is not properly sanitized, enabling path traversal sequences to write arbitrary files anywhere on the local server and potentially execute code. Root cause: ins...

9.8CVSS6.7AI score0.00796EPSS
Exploits1References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 3:45 p.m.13 views

Security Bulletin: Vulnerability Werkzeug, Twisted-22.10.0-py3, requests-2.32.2-py3, commons-lang-2.6, commons-fileupload-1.5, urllib3-2.2.2, jetty-server-9.4.56.v20240826 affect IBM Cloud Object Storage Systems (Oct 2025)

Summary Vulnerability with Werkzeug CVE-2024-34069, CVE-2023-46136 ,CVE-2024-49767, CVE-2024-49766 Twisted-22.10.0-py3 CVE-2024-41810, CVE-2023-46137, CVE-2024-41671, requests-2.32.2-py3 CVE-2024-47081, urllib3-2.2.2 CVE-2025-50182,CVE-2025-501810 commons-lang-2.6CVE-2025-48924,...

8.3CVSS7.5AI score0.03397EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 3:50 a.m.6 views

Security Bulletin: DoS vulnerability in Apache Commons FileUpload library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2025-48976)

Summary Apache Commons FileUpload library is used by Tivoli Netcool/OMNIbus WebGUI as part of Map Resources admin component. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...

7.5CVSS6.8AI score0.64718EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/24 12:0 a.m.7 views

IBM MQ DoS (7248944)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7248944 advisory. - Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...

7.5CVSS7.2AI score0.64718EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:30 p.m.6 views

Security Bulletin: vulerability in IBM Spectrum Symphony with Apache Commons FileUpload

Summary vulerability in IBM Spectrum Symphony with Apache Commons FileUpload Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...

7.5CVSS6.6AI score0.64718EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/22 12:0 a.m.11 views

TencentOS Server 3: tomcat (TSSA-2025:0797)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0797 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

7.5CVSS7.7AI score0.64718EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/15 2:47 p.m.15 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been addressed in the update. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...

7.5CVSS8.7AI score0.64718EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/14 10:44 p.m.10 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the Management GUI are now included (CVE-2025-48976)

Summary The following vulnerabilities, which can affect IBM Storage Scale and the Management GUI and could provide weaker-than-expected security, are now fixed in Storage Scale 5.1.9.12 and 5.2.3.3 or higher CVE-2025-48976. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of...

7.5CVSS6.6AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/12 4:50 p.m.8 views

Security Bulletin: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload, (CVE-2025-48976) affects IBM PowerVM Novalink.

Summary A DoS vulnerability in Apache Commons FileUpload before 1.6 and 2.0.0-M4 allows resource exhaustion via multipart headers. Fixed in versions 1.6 and 2.0.0-M4. PowerVM NovaLink has addressed CVE-2025-48976. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for...

7.5CVSS6.8AI score0.64718EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/10/09 12:0 a.m.8 views

AlmaLinux 10 : tomcat9 (ALSA-2025:14178)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:14178 advisory. tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125...

7.5CVSS7.6AI score0.64718EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.18 views

EUVD-2020-0608

Malware in sbrugna...

9.8CVSS9.3AI score0.04762EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-2632

Malware in sbrugna...

4CVSS6.4AI score0.01233EPSS
Exploits0References3
Rows per page
Query Builder