Lucene search
+L

50 matches found

nessus
nessus
added 2026/06/22 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-50269

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker- controlled input included into multipart/payload...

7.5CVSS5.9AI score0.00301EPSS
Exploits0References3
snyk
snyk
added 2026/06/12 8:12 p.m.15 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the multiPartHeader function when untrusted input is provided via field or filename to FormDataappend. An attacker can inject additional headers or multipart parts by including carriage returns, line feeds, or double...

8.7CVSS5.4AI score0.00409EPSS
Exploits0References2
snyk
snyk
added 2026/06/12 8:12 p.m.11 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the multiPartHeader function when untrusted input is provided via field or filename to FormDataappend. An attacker can inject additional headers or multipart parts by including carriage returns, line feeds, or double...

8.7CVSS5.9AI score0.00409EPSS
Exploits0References2
ibm
ibm
added 2026/06/12 7:0 p.m.7 views

Security Bulletin: upload filename directly from the multipart Content-Disposition header without sanitization

Summary Langflow OSS 1.2.0 - 1.8.4 are affected by a critical arbitrary file write vulnerability in the files endpoint due to improper handling of uploaded filenames. The application extracts the filename directly from the multipart Content-Disposition header without sanitization and uses unsafe...

6.5CVSS5.5AI score0.00275EPSS
Exploits0Affected Software1
osv
osv
added 2026/06/02 7:8 p.m.3 views

CVE-2026-48598 CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

2.1CVSS6AI score0.00143EPSS
Exploits0References10
cnnvd
cnnvd
added 2026/06/02 12:0 a.m.9 views

Tesla 安全漏洞

Tesla is an HTTP client software open source by Elixir Tesla. Versions of Tesla from 0.8.0 to 1.18.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of escaping of the Content-Disposition parameter value, which could lead to multipart header injection attacks...

2.1CVSS5.3AI score0.00143EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/05/27 8:13 p.m.13 views

CVE-2026-8468

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

8.2CVSS6AI score0.0062EPSS
Exploits0References1
nessus
nessus
added 2026/05/22 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart...

8.2CVSS5.7AI score0.00382EPSS
Exploits0References2
euvd
euvd
added 2026/05/20 3:35 p.m.11 views

EUVD-2026-30266

Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service...

8.2CVSS5.9AI score0.0062EPSS
Exploits0References10
github
github
added 2026/05/20 3:35 p.m.33 views

Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service

Summary An Allocation of Resources Without Limits or Throttling vulnerability in Plug.Conn.readpartheaders/2 allows an unauthenticated attacker to exhaust server memory by sending a crafted multipart/form-data request, causing a denial of service. Details Plug.Conn.readpartheaders/2 in...

8.2CVSS5.9AI score0.0062EPSS
Exploits0References11Affected Software1
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in libcommons-fileupload-java, tomcat9

The allocation of resources for multipart headers with insufficient limits enabled created a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: versions from 1.0 before 1.6, and from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to version 1...

7.5CVSS6.9AI score0.64718EPSS
Exploits1References2
nvd
nvd
added 2026/05/14 11:16 a.m.18 views

CVE-2026-8468

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

8.2CVSS0.0062EPSS
Exploits0References9
cvelist
cvelist
added 2026/05/14 10:29 a.m.46 views

CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug

Allocation of Resources Without Limits or Throttling vulnerability in plugproject plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':readpartheaders/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper bound on t...

8.2CVSS0.0062EPSS
Exploits0References9
cve
cve
added 2026/05/14 10:29 a.m.20 views

CVE-2026-8468

Summary (facts from sources): CVE-2026-8468 describes an unbounded memory accumulation in multipart header parsing within Elixir Plug (plug_project) andCowboy-derived code. The root cause is in plug_multipart:parse_headers/2 (and read_part_headers/2 in lib/plug/conn.ex) which accumulates incoming...

8.2CVSS6AI score0.0062EPSS
Exploits0References9
osv
osv
added 2026/05/14 10:29 a.m.8 views

EEF-CVE-2026-8468 Unbounded buffer accumulation in multipart header parsing causes denial of service in plug

Summary Allocation of Resources Without Limits or Throttling vulnerability in plug\project plug allows denial of service via unbounded buffer accumulation in multipart header parsing. 'Elixir.Plug.Conn':read\part\headers/2 in lib/plug/conn.ex does not obey its :length parameter. There is no upper...

8.2CVSS6.2AI score0.0062EPSS
Exploits0References9
cnnvd
cnnvd
added 2026/05/14 12:0 a.m.15 views

Plug 安全漏洞

Plug is an open-source web application middleware and connection specification library developed by elixir-plug, targeting the Elixir ecosystem. Versions of Plug prior to 1.15.4, 1.16.3, 1.17.1, 1.18.2, and 1.19.2 contain security vulnerabilities. These vulnerabilities stem from unlimited buffer...

8.2CVSS6AI score0.0062EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/14 12:0 a.m.14 views

PT-2026-40905

Name of the Vulnerable Software and Affected Versions plug versions 1.4.0 through 1.15.3 plug version 1.16.3 plug version 1.17.1 plug version 1.18.2 plug version 1.19.2 Description An unbounded buffer accumulation issue exists during multipart header parsing. The function read part headers/2 in...

8.2CVSS6AI score0.0062EPSS
Exploits0References16
osv
osv
added 2026/05/13 9:32 p.m.6 views

GHSA-JFC2-Q6QH-G5X8 Cowboy: Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

8.2CVSS5.8AI score0.00382EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2026/05/13 7:17 p.m.9 views

CVE-2026-8466

Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial of service via unbounded buffer accumulation in multipart header parsing. cowboyreq:readpart/3 in src/cowboyreq.erl accumulates incoming request bytes into a Buffer binary with no upper-bound chec...

8.2CVSS5.8AI score0.00382EPSS
Exploits0References4
cve
cve
added 2026/05/13 6:26 p.m.27 views

CVE-2026-8466

CVE-2026-8466 affects the Cowboy web server (ninenines) prior to 2.15.0. The issue is an unbounded memory growth vulnerability in multipart header parsing: cowboy_req:read_part/3 accumulates request bytes into a Buffer without an upper-bound check, and when cow_multipart:parse_headers/2 returns m...

8.2CVSS5.9AI score0.00382EPSS
Exploits0References3
Rows per page
Query Builder