
15 matches found

CNNVD
added 2026/04/02 12:0 a.m. | 3 views

Wisp Security Vulnerability

Wisp is a practical Gleam web framework developed under open source, designed for rapid development and easy maintenance. Versions of Wisp from 0.2.0 to 2.2.2 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in multi-part form parsing that bypassed resource limits,...

CVSS 8.7 | AI score 5.8 | EPSS 0.00034
Exploits 0 | References 3

RedhatCVE
added 2025/05/22 5:5 a.m. | 4 views

CVE-2019-5097

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...

CVSS 7.5 | AI score 6.9 | EPSS 0.07284
Exploits 1 | References 1

Tenable Nessus
added 2025/01/29 12:0 a.m. | 9 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs22 (SUSE-SU-2025:0284-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0284-1 advisory. Update to 22.13.1: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251...

CVSS 7.7 | AI score 6.5 | EPSS 0.00605
Exploits 0 | References 10

CNNVD
added 2024/12/03 12:0 a.m. | 2 views

Element Synapse Security Vulnerability

Element Synapse is an open source Matrix Home Server implementation from Element Open Source. A security vulnerability exists in Element Synapse that stems from the fact that multi-part/form data requests may, under certain configurations, temporarily increase memory consumption beyond expected...

CVSS 8.2 | AI score 6.4 | EPSS 0.01089
Exploits 0 | References 5

wpexploit
added 2023/12/22 12:0 a.m. | 157 views

easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update

Description: The plugin does not properly secure some of its AJAX actions, allowing any logged-in user to modify its settings. fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "multipart/form-data; boundary=----WebKitFormBoundaryvEIqF0bdJXlPN58D", , "body":...

CVSS 4.3 | AI score 6.7 | EPSS 0.00058
Exploits 2

Tenable Nessus
added 2023/03/28 12:0 a.m. | 22 views

Rockwell Automation products using GoAhead Web Server Loop with Unreachable Exit Condition (CVE-2019-5097)

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the...

CVSS 7.5 | AI score 7 | EPSS 0.07284
Exploits 1 | References 5

NVD
added 2019/12/03 10:15 p.m. | 10 views

CVE-2019-5097

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...

CVSS 7.5 | AI score 6.4 | EPSS 0.07284
Exploits 1 | References 1

NVD
added 2019/12/03 10:15 p.m. | 10 views

CVE-2019-5096

An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this reques...

CVSS 9.8 | AI score 9.8 | EPSS 0.79583
Exploits 2 | References 1

Prion
added 2019/12/03 10:15 p.m. | 12 views

Denial of service

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...

CVSS 5 | AI score 7.6 | EPSS 0.07284
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2019/12/03 9:49 p.m. | 13 views

CVE-2019-5097

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...

CVSS 5.3 | AI score 7.5 | EPSS 0.07284
Exploits 1 | References 1

CVE
added 2019/12/03 9:49 p.m. | 89 views

CVE-2019-5097

The CVE-2019-5097 entry documents a denial-of-service in the GoAhead web server’s handling of multipart/form-data. A specially crafted, unauthenticated HTTP request (GET or POST), targeting GoAhead versions v5.0.1, v4.1.1, and v3.6.5, can cause an infinite loop in the process, potentially impacti...

CVSS 7.5 | AI score 7.5 | EPSS 0.07284
Exploits 1 | References 1 | Affected Software 1

Talos
added 2019/12/02 12:0 a.m. | 58 views

EmbedThis GoAhead web server code execution vulnerability

Summary: An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of thi...

CVSS 9.8 | AI score 10 | EPSS 0.79583
Exploits 2

Talos
added 2019/12/02 12:0 a.m. | 55 views

EmbedThis GoAhead web server denial-of-service vulnerability

Summary: A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated i...

CVSS 7.5 | AI score 6.5 | EPSS 0.07284
Exploits 1

OSV
added 2017/02/22 5:59 a.m. | 2 views

CVE-2016-9683

The SonicWall Secure Remote Access server version 8.1.0.2-14sv is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI /cgi-bin/extensionsettings component responsible for handling some of the server's...

CVSS 9.8 | AI score 5.8 | EPSS 0.21972
Exploits 2 | References 4

wpexploit
added 2016/08/24 12:0 a.m. | 18 views

CYSTEME Finder <= 1.3 - Unauthenticated LFI and Unauthenticated File Upload

CYSTEME does not properly check SESSION Cookies allowing a remote attacker to upload, view, or delete files from any location on the remote file system. - Retrieve all data in the root wordpress directory. This will return JSON. Exploit:...

CVSS 7.5 | AI score 0.4 | EPSS 0.00841
Exploits 2 | References 1