2728 matches found
UBUNTU-CVE-2026-31958
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...
CVE-2026-31958
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...
CVE-2026-31958
Tornado (Python) before 6.5.5 is vulnerable in its multipart/form-data parsing: the only limit is max_body_size (default 100MB) and parsing occurs synchronously on the main thread, enabling denial-of-service via very large multipart bodies with many parts. The issue is fixed in 6.5.5. CVSS metric...
CVE-2026-31958 Tornado has a DoS due to too many multipart parts
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...
CVE-2026-31958
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...
CVE-2026-31958 Tornado has a DoS due to too many multipart parts
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...
CVE-2026-31958 Tornado has a DoS due to too many multipart parts
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...
Malicious Package
Overview tailwind-mainanimation is a malicious package. Upon installation, it silently injects obfuscated JavaScript into the end of legitimate project configuration files like tailwind.config.js. To evade detection, the malware rewrites git history, forging timestamps so the malicious commit...
CVE-2025-13067
The CVE-2025-13067 entry documents a vulnerability in the Royal Addons for Elementor WordPress plugin up to version 1.7.1049. The issue is an arbitrary file upload due to insufficient file-type validation that can be bypassed when files named main.php are uploaded, allowing an attacker with autho...
CVE-2025-13067 Royal Addons for Elementor <= 1.7.1049 - Authenticated (Author+) Arbitrary File Upload via main.php Upload Bypass
The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file type validation detecting files named main.php, allowing a file with such a name to bypass sanitization. This makes it possib...
PT-2026-24805
Name of the Vulnerable Software and Affected Versions Tornado versions prior to 6.5.5 Description Tornado is a Python web framework and asynchronous networking library. In versions prior to 6.5.5, the only limit on the number of parts in multipart/form-data requests is the max body size setting,...
NewStart CGSL MAIN 6.06 (SP) : netcf Vulnerability (NS-SA-2026-0026)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has netcf packages installed that are affected by a vulnerability: - The findifcfgpath function in netcf before 0.2.7 might allow attackers to cause a denial of service application crash via vectors involving augeas path expressions...
NewStart CGSL MAIN 6.06 (SP) : tcl Vulnerability (NS-SA-2026-0011)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has tcl packages installed that are affected by a vulnerability: - The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows...
NewStart CGSL MAIN 6.06 (SP) : c-ares Vulnerability (NS-SA-2026-0023)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has c-ares packages installed that are affected by a vulnerability: - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames whi...
CVE-2025-50196
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST maindatabase parameter. This issue has been patched in version 1.11.30...
CVE-2025-50197
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sublanguageajax.inc.php via the POST newlanguage parameter. This issue has been patched in version 1.11.30...
CVE-2025-50196
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST maindatabase parameter. This issue has been patched in version 1.11.30...
CVE-2025-50193
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST tomaindatabase parameter. This issue has been patched in version 1.11.30...
CVE-2025-50196
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST maindatabase parameter. This issue has been patched in version 1.11.30...
CVE-2025-50196 Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_database parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST maindatabase parameter. This issue has been patched in version 1.11.30...