
51 matches found

RedhatCVE
added 2026/02/08 1:21 a.m., 4 views

CVE-2026-25762

AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may accumulate an unbounded amount of data in...

CVSS 7.5, AI score 5.3, EPSS 0.00018
Exploits 0, References 1
EUVD
added 2026/01/02 7:2 p.m., 2 views

EUVD-2026-0036

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease...

CVSS 9.2, AI score 6.5, EPSS 0.00097
Exploits 3, References 6
Vulnrichment
added 2026/01/02 7:2 p.m., 1 views

CVE-2026-21440 AdonisJS Path Traversal in Multipart File Handling

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease...

CVSS 9.2, AI score 6.7, EPSS 0.00097
Exploits 3, References 5
Cvelist
added 2026/01/02 7:2 p.m., 25 views

CVE-2026-21440 AdonisJS Path Traversal in Multipart File Handling

AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease...

CVSS 9.2, EPSS 0.00097
Exploits 3, References 5
Snyk
added 2026/01/02 6:58 p.m., 3 views

Directory Traversal

Overview: @adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body. Affected versions of this package are vulnerable to Directory Traversal via the MultipartFile.move function's default options. An attacker can write arbitrary files to unintended...

CVSS 9.2, AI score 7.8, EPSS 0.00097
Exploits 3, References 2
OSV
added 2025/12/01 6:30 p.m., 0 views

GHSA-XX7V-HQXH-CJR9 Apache Struts is Vulnerable to DoS via File Leak

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue...

CVSS 7.5, AI score 7, EPSS 0.00171
Exploits 0, References 4
Positive Technologies
added 2025/11/11 12:0 a.m., 1 views

PT-2025-48488

Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.0.0 through 6.7.0; Apache Struts versions 7.0.0 through 7.0.3. Description: A denial of service issue exists in Apache Struts due to incomplete cleanup of temporary or auxiliary resources during the processing of multipar...

CVSS 7.8, AI score 7.3, EPSS 0.00171
Exploits 0, References 26
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-31013

Malicious code in bioql PyPI...

CVSS 7.1, AI score 6.3, EPSS 0.00189
Exploits 2, References 3
Cvelist
added 2025/09/24 12:0 a.m., 9 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo to save the uploaded file to a path controllable by the user, and lacks strict verification of the file name...

EPSS 0.00189
Exploits 2, References 2
CVE
added 2025/09/24 12:0 a.m., 14 views

CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal via POST /viz/image due to saving uploaded files with MultipartFile.transferTo() to user-controllable paths and insufficient filename verification. Root cause: lack of strict validation of the uploaded filename. Impact: potential file path tr...

CVSS 7.1, AI score 6.5, EPSS 0.00189
Exploits 2, References 2, Affected Software 1
OSV
added 2025/07/16 8:19 a.m., 91 views

BIT-TOMCAT-2025-52520 Apache Tomcat: DoS via integer overflow in multipart file upload

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0 through 11.0.8, from 10.1.0 through 10.1.42, from 9.0.0 through 9.0.106. The following versions...

CVSS 7.5, AI score 7.2, EPSS 0.00683
Exploits 0, References 4
CVE
added 2025/07/10 7:5 p.m., 110 views

CVE-2025-52520

The CVE-2025-52520 entry describes an Integer Overflow DoS in Apache Tomcat triggered by certain multipart upload configurations. Affected branches include Tomcat 11.0.x (11.0.0-M1 to 11.0.8) and older 10.1.x (10.1.0-M1 to 10.1.42) and 9.0.x (9.0.0.M1 to 9.0.106); EOL versions may also be affecte...

CVSS 7.5, AI score 9.3, EPSS 0.00683
Exploits 0, References 3, Affected Software 1
Cvelist
added 2025/07/10 7:5 p.m., 9 views

CVE-2025-52520 Apache Tomcat: DoS via integer overflow in multipart file upload

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following...

EPSS 0.00683
Exploits 0, References 1
Vulnrichment
added 2025/07/10 7:5 p.m., 2 views

CVE-2025-52520 Apache Tomcat: DoS via integer overflow in multipart file upload

For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106. The following...

AI score 9.3, EPSS 0.00683
Exploits 0, References 1
RedhatCVE
added 2025/05/23 10:36 a.m., 6 views

CVE-2024-47082

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

CVSS 8, AI score 7, EPSS 0.00145
Exploits 0
RedhatCVE
added 2025/02/04 10:41 p.m., 3 views

CVE-2024-8517

SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request...

CVSS 9.8, AI score 8.4, EPSS 0.93372
Exploits 7, References 1
Veracode
added 2024/09/27 6:11 a.m., 8 views

Cross-Site Request Forgery (CSRF)

strawberrygraphql is vulnerable to cross-site request forgery (CSRF). The vulnerability is due to the default configuration of the Strawberry GraphQL library, which allows multipart file upload support without proper CSRF protection and exempted the integration from Django's built-in CSRF safeguard...

CVSS 8, AI score 6.8, EPSS 0.00145
Exploits 0, References 4, Affected Software 1
OSV
added 2024/09/25 6:21 p.m., 21 views

GHSA-79GP-Q4WV-33FR Cross-Site Request Forgery (CSRF) in strawberry-graphql

Impact: Multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable to CSRF attacks if users did not explicitly enable CSRF preventing security...

CVSS 4.8, AI score 6, EPSS 0.00145
Exploits 0, References 6
NVD
added 2024/09/25 6:15 p.m., 8 views

CVE-2024-47082

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

CVSS 8, EPSS 0.00145
Exploits 0, References 3
Vulnrichment
added 2024/09/25 5:48 p.m., 15 views

CVE-2024-47082 Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in all Strawberry HTTP view integrations. This made all Strawberry HTTP view integrations vulnerable ...

CVSS 4.6, AI score 7.2, EPSS 0.00145
Exploits 0, References 3