CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1507 matches found

Tenable Nessus•added 2024/01/16 12:0 a.m.•20 views

EulerOS 2.0 SP8 : libmicrohttpd (EulerOS-SA-2023-3133)

According to the versions of the libmicrohttpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - GNU libmicrohttpd before 0.9.76 allows remote DoS Denial of Service due to improper parsing of a multipart/form-data boundary in the...

5.9CVSS6.7AI score0.01243EPSS

Exploits1References2

Tenable Nessus•added 2024/01/13 12:0 a.m.•16 views

Fedora 38 : rubygem-httparty (2024-a5aad4eede)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a5aad4eede advisory. Fix CVE-2024-22049 httparty: multipart/form-data request vulnerable to tampering Tenable has extracted the preceding description block directly from...

5.3CVSS5.8AI score0.0129EPSS

Exploits1References2

Github Security Blog•added 2024/01/04 9:30 p.m.•10 views

Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5pq7-52mg-hr42. This link is maintained to preserve external references. Original Description httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticate...

5.3CVSS7.2AI score0.0129EPSS

Exploits1References11Affected Software1

OSV•added 2024/01/04 9:30 p.m.•4 views

GHSA-G47J-3M2M-74QV Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability

5.3CVSS5.2AI score0.0129EPSS

Exploits1References10

OSV•added 2024/01/04 9:15 p.m.•20 views

CVE-2024-22049

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written...

5.3CVSS5AI score

Exploits0References9

NVD•added 2024/01/04 9:15 p.m.•11 views

CVE-2024-22049

5.3CVSS5.1AI score0.0129EPSS

Exploits1References9

Prion•added 2024/01/04 9:15 p.m.•13 views

Code injection

5CVSS7AI score0.0129EPSS

Exploits1References8Affected Software1

UbuntuCve•added 2024/01/04 9:15 p.m.•20 views

CVE-2024-22049

5.3CVSS6.1AI score0.0129EPSS

Exploits1References7

Debian CVE•added 2024/01/04 8:19 p.m.•19 views

CVE-2024-22049

5.3CVSS5.2AI score0.0129EPSS

Exploits1

Cvelist•added 2024/01/04 8:19 p.m.•26 views

CVE-2024-22049 httparty Multipart/Form-Data Request Tampering Vulnerability

5.4AI score0.0129EPSS

Exploits1References8

Vulnrichment•added 2024/01/04 8:19 p.m.•3 views

CVE-2024-22049 httparty Multipart/Form-Data Request Tampering Vulnerability

5.2AI score0.0129EPSS

Exploits1References8

ATTACKERKB•added 2023/12/26 6:15 p.m.•1 views

CVE-2023-52086

resumable.php aka PHP backend for resumable.js 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. File overwrite hasn't been possible with the code available in GitHub in recent years, however...

8.1CVSS5.9AI score0.00712EPSS

Exploits0References6

OSV•added 2023/12/26 6:15 p.m.•26 views

CVE-2023-52086

8.1CVSS7.5AI score

Exploits0References5

NVD•added 2023/12/26 6:15 p.m.•19 views

CVE-2023-52086

8.1CVSS0.00712EPSS

Exploits0References5

Prion•added 2023/12/26 6:15 p.m.•13 views

Design/Logic Flaw

5.1CVSS7.5AI score0.00712EPSS

Exploits0References5Affected Software1

CNNVD•added 2023/12/26 12:0 a.m.•3 views

resumable.php security vulnerability

resumable.php is the PHP backend for resumable.js. A security vulnerability exists in versions of resumable.php prior to 3c6dbf5, which stems from a vulnerability that allows arbitrary files to be uploaded to any location on the filesystem via multipart/form-data...

8.1CVSS6.9AI score0.00712EPSS

Exploits0References6

wpexploit•added 2023/12/22 12:0 a.m.•162 views

easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update

Description The plugin does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings. fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "multipart/form-data; boundary=----WebKitFormBoundaryvEIqF0bdJXlPN58D", , "body":...

4.3CVSS6.7AI score0.00405EPSS

Exploits2

Tenable Nessus•added 2023/11/21 12:0 a.m.•20 views

Oracle Linux 8 : libmicrohttpd (ELSA-2023-7090)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7090 advisory. 1:0.9.59-3 - Add cve-2023-27371.patch Related: rhbz2174639 CVE-2023-27371 Tenable has extracted the preceding description block directly from the Oracle Linux...

5.9CVSS6.6AI score0.01243EPSS

Exploits1References2

Tenable Nessus•added 2023/11/14 12:0 a.m.•23 views

CentOS 8 : libmicrohttpd (CESA-2023:7090)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:7090 advisory. - GNU libmicrohttpd before 0.9.76 allows remote DoS Denial of Service due to improper parsing of a multipart/form-data boundary in the postprocessor.c...

5.9CVSS6.6AI score0.01243EPSS

Exploits1References2

OpenVAS•added 2023/11/09 12:0 a.m.•17 views

Huawei EulerOS: Security Advisory for libmicrohttpd (EulerOS-SA-2023-3133)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.1AI score0.01243EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by