Astra Linux - уязвимость в nss

A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...

Unity Linux 20.1060e / 20.1070e Security Update: nss (UTSA-2026-017618)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017618 advisory. A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. Thi...

Wisp 安全漏洞

Wisp is a practical Gleam web framework developed under open source, designed for rapid development and easy maintenance. Versions of Wisp from 0.2.0 to 2.2.2 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in multi-part form parsing that bypassed resource limits,...

📄 OpenEXR Integer Overflow

Proof of concept exploit for a potential integer overflow condition when processing specially crafted multi‑part DeepScanLine EXR files with OpenEXR. The program generates a malicious .exr file containing 86 parts, where each pixel is assigned 50,000,000 samples. When these values are summed...

EUVD-2023-0392

Malicious code in bioql PyPI...

EUVD-2023-2798

Malicious code in bioql PyPI...

SUSE-SU-2025:02214-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2025-46701: Refactored CGI servlet to access resources via WebResources bsc1243815. - CVE-2025-48988: Limited the total number of parts in a multi-part request and limits the size of the headers provided with each part bsc1244656. -...

CVE-2023-45812

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...

CVE-2019-5097

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...

GPT Academic Resource Management Error Vulnerability

GPT Academic is an interface that provides pragmatic interactions for LLM grand language models such as GPT/GLM. GPT Academic suffers from a Resource Management Error vulnerability that stems from an excessive number of characters at the end of a multi-part boundary during a file upload that caus...

GPT Academic 资源管理错误漏洞

GPT Academic is an interface that provides pragmatic interactions for LLM grand language models such as GPT/GLM. GPT Academic suffers from a Resource Management Error vulnerability that stems from an excessive number of characters at the end of a multi-part boundary during a file upload that caus...

SUSE SLES15 / openSUSE 15 Security Update : nodejs22 (SUSE-SU-2025:0284-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0284-1 advisory. Update to 22.13.1: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251...

Element Synapse 安全漏洞

Element Synapse is an open source Matrix Home Server implementation from Element Open Source. A security vulnerability exists in Element Synapse that stems from the fact that multi-part/form data requests may, under certain configurations, temporarily increase memory consumption beyond expected...

Path traversal, lead to arbitrary file write, lead to remote code execution

Description Anythingllm use multer library to handle http multi-part file upload. Anything llm use the following code to handle non-ascii file name file.originalname = Buffer.fromfile.originalname, "latin1".toString "utf8" ; This way of manipulating filename is will lead to path traversal. multer...

easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update

Description The plugin does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings. fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "multipart/form-data; boundary=----WebKitFormBoundaryvEIqF0bdJXlPN58D", , "body":...

Rocky Linux 8 : nss (RLSA-2021:0538)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0538 advisory. - When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based...

Pallets Werkzeug Buffer Error Vulnerability

Pallets Werkzeug is a WSGI web application library. A security vulnerability exists in Pallets Werkzeug versions prior to 3.0.1, which stems from a vulnerability that allows an attacker to cause a denial of service by sending carefully crafted multi-part data...

CVE-2023-45812 Improper Check or Handling of Exceptional Conditions in apollo-router

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part response is...

Apollo Router Code Issue Vulnerability

Apollo Router is a configurable, high-performance graphical router written in Rust. A code issue vulnerability exists in Apollo Router. An attacker could use this vulnerability to cause the router to panic and terminate when sending a multi-part response...

Judging Management System v1.0 - Remote Code Execution Exploit

Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html Version: 1.0...