Lucene search
K

1057 matches found

NVD
NVD
added 2026/02/06 10:16 p.m.13 views

CVE-2026-25732

NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...

7.5CVSS0.03212EPSS
Exploits3References3
OSV
OSV
added 2026/02/06 9:9 p.m.5 views

CVE-2026-25732 NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write

NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename metadata without sanitization, enabling path traversal when developers use the pattern UPLOADDIR / file.name. Malicious filenames containing ../ sequences allow attackers to...

7.5CVSS6.4AI score0.03212EPSS
Exploits3References5
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.10 views

NiceGUI 路径遍历漏洞

NiceGUI is an easy-to-use, Python-based UI framework developed under the open source license. Versions of NiceGUI prior to 3.7.0 contained a path traversal vulnerability. This vulnerability stemmed from the FileUpload.name attribute not being cleaned up, allowing for path traversal and remote cod...

7.5CVSS6.1AI score0.03212EPSS
Exploits3References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/04 6:37 p.m.12 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in Apache Commons FileUpload

Summary IBM Watson Discovery Cartridge affected by vulnerability in Apache Commons FileUpload Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects...

7.5CVSS6.8AI score0.64718EPSS
Exploits1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/03 7:56 a.m.8 views

Malicious code in fileupload-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 284fb08fce78b3881a87fa045e3cd78babfd4be9859ffd8be916952b1088fc19 The package fileupload-util was found to contain malicious code. Source: ghsa-malware 86e2a72f365ef548c52ca11a5bcfa8cbca1b7ff90e2e35aa34b8d9c2abb9c85...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/02/03 7:56 a.m.6 views

MAL-2026-690 Malicious code in fileupload-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 284fb08fce78b3881a87fa045e3cd78babfd4be9859ffd8be916952b1088fc19 The package fileupload-util was found to contain malicious code. Source: ghsa-malware 86e2a72f365ef548c52ca11a5bcfa8cbca1b7ff90e2e35aa34b8d9c2abb9c85...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/01/27 7:56 a.m.6 views

MAL-2026-529 Malicious code in fileupload-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cfeee070d9e37cd2dda0d7557f93098e1589be17d77ff38abf265f564574ca3 The package fileupload-core was found to contain malicious code. Source: ghsa-malware aa58dfc19074922a9db4713e1aa1c17edc8de5a937d01a5c08271d4940bcc38...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/01/27 7:56 a.m.5 views

Malicious Package

Overview fileupload-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.9 views

Oracle Business Process Management Suite (14.1.2.0.0) (January 2026 CPU)

The version of Oracle Business Process Management Suite installed on the remote host is affected by a vulnerability, as referenced in the January 2026 CPU advisory: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Composer Apache Commo...

9.8CVSS7AI score0.79807EPSS
Exploits7References6
Tenable Nessus
Tenable Nessus
added 2026/01/21 12:0 a.m.11 views

Oracle WebLogic Server (January 2026 CPU)

The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component:...

9.4CVSS7AI score0.64718EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : tomcat-9.0.62-37.el9 (AXSA:2023-6944:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6944:05 advisory. Apache Commons FileUpload: FileUpload DoS with excessive parts CVE-2023-24998 tomcat: not including the secure attribute causes information disclosu...

7.5CVSS7AI score0.51547EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : tomcat-9.0.62-27.el8 (AXSA:2024-7363:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7363:01 advisory. Apache Commons FileUpload: FileUpload DoS with excessive parts CVE-2023-24998 tomcat: not including the secure attribute causes information disclosu...

7.5CVSS7.8AI score0.51547EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 8 : tomcat-9.0.87-1.el8_10.6 (AXSA:2025-10776:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10776:05 advisory. tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-4912...

7.5CVSS7.6AI score0.64718EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 12:49 p.m.9 views

Security Bulletin: Denial of Service vulnerability in Apache commons-fileupload may affect IBM Business Automation Workflow - CVE-2025-48976

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache...

7.5CVSS6.6AI score0.64718EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/29 6:2 a.m.10 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager

Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.5 and 6.2.4.2. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security...

7.5CVSS8AI score0.93305EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/23 8:45 a.m.10 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for December 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF006 and 25.0.0-IF003. These vulnerabilities have been also addressed in 24.0.0-IF005. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficie...

8.8CVSS8.2AI score0.64718EPSS
Exploits3Affected Software1
Atlassian
Atlassian
added 2025/12/19 7:27 p.m.21 views

DoS (Denial of Service) org.apache.commons:commons-fileupload2-core Dependency in Crowd Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to access...

7.5CVSS7.4AI score0.64718EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/12/16 12:0 a.m.9 views

Apache Commons FileUpload < 1.6 , 2.0.0-M1 < 2.0.0-M4 Denial of Service (CVE-2025-48976)

The version of Apache Commons FileUpload on the remote host is 1.6 , 2.0.0-M1 2.0.0-M4. It is, therefore, affected by a denial of service vulnerability due to allocation of resources for multipart headers with insufficient limits. Note that Nessus has not tested for these issues but has instead...

7.5CVSS7.3AI score0.64718EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/15 11:18 a.m.8 views

Security Bulletin: due to the use of Apache Commons FileUpload, IBM Transformation Extender Advanced is vulnerable to DoS vulnerability

Summary Apache Commons FileUpload is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. CVE-2024-47554 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient...

7.5CVSS6.6AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/10 5:6 p.m.12 views

Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Business Service Manager

Summary IBM Tivoli Netcool Impact is a component of the IBM Tivoli Business Service Manager data server. Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.1.0 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with...

7.5CVSS8.2AI score0.64718EPSS
Exploits3Affected Software1
Rows per page
Query Builder