1057 matches found
CVE-2026-25732
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write
NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...
NiceGUI 路径遍历漏洞
NiceGUI is an easy-to-use, Python-based UI framework developed under the open source license. Versions of NiceGUI prior to 3.7.0 contained a path traversal vulnerability. This vulnerability stemmed from the FileUpload.name attribute not being cleaned up, allowing for path traversal and remote cod...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in Apache Commons FileUpload
Summary IBM Watson Discovery Cartridge affected by vulnerability in Apache Commons FileUpload Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects...
Malicious code in fileupload-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 284fb08fce78b3881a87fa045e3cd78babfd4be9859ffd8be916952b1088fc19 The package fileupload-util was found to contain malicious code. Source: ghsa-malware 86e2a72f365ef548c52ca11a5bcfa8cbca1b7ff90e2e35aa34b8d9c2abb9c85...
MAL-2026-690 Malicious code in fileupload-util (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 284fb08fce78b3881a87fa045e3cd78babfd4be9859ffd8be916952b1088fc19 The package fileupload-util was found to contain malicious code. Source: ghsa-malware 86e2a72f365ef548c52ca11a5bcfa8cbca1b7ff90e2e35aa34b8d9c2abb9c85...
MAL-2026-529 Malicious code in fileupload-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cfeee070d9e37cd2dda0d7557f93098e1589be17d77ff38abf265f564574ca3 The package fileupload-core was found to contain malicious code. Source: ghsa-malware aa58dfc19074922a9db4713e1aa1c17edc8de5a937d01a5c08271d4940bcc38...
Malicious Package
Overview fileupload-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Oracle Business Process Management Suite (14.1.2.0.0) (January 2026 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by a vulnerability, as referenced in the January 2026 CPU advisory: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Composer Apache Commo...
Oracle WebLogic Server (January 2026 CPU)
The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component:...
MiracleLinux 9 : tomcat-9.0.62-37.el9 (AXSA:2023-6944:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6944:05 advisory. Apache Commons FileUpload: FileUpload DoS with excessive parts CVE-2023-24998 tomcat: not including the secure attribute causes information disclosu...
MiracleLinux 8 : tomcat-9.0.62-27.el8 (AXSA:2024-7363:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7363:01 advisory. Apache Commons FileUpload: FileUpload DoS with excessive parts CVE-2023-24998 tomcat: not including the secure attribute causes information disclosu...
MiracleLinux 8 : tomcat-9.0.87-1.el8_10.6 (AXSA:2025-10776:05)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10776:05 advisory. tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-4912...
Security Bulletin: Denial of Service vulnerability in Apache commons-fileupload may affect IBM Business Automation Workflow - CVE-2025-48976
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache...
Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager
Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.5 and 6.2.4.2. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for December 2025.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF006 and 25.0.0-IF003. These vulnerabilities have been also addressed in 24.0.0-IF005. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficie...
DoS (Denial of Service) org.apache.commons:commons-fileupload2-core Dependency in Crowd Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to access...
Apache Commons FileUpload < 1.6 , 2.0.0-M1 < 2.0.0-M4 Denial of Service (CVE-2025-48976)
The version of Apache Commons FileUpload on the remote host is 1.6 , 2.0.0-M1 2.0.0-M4. It is, therefore, affected by a denial of service vulnerability due to allocation of resources for multipart headers with insufficient limits. Note that Nessus has not tested for these issues but has instead...
Security Bulletin: due to the use of Apache Commons FileUpload, IBM Transformation Extender Advanced is vulnerable to DoS vulnerability
Summary Apache Commons FileUpload is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. CVE-2024-47554 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient...
Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Business Service Manager
Summary IBM Tivoli Netcool Impact is a component of the IBM Tivoli Business Service Manager data server. Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.1.0 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with...