Lucene search
+L

161 matches found

attackerkb
attackerkb
added 6 days ago7 views

CVE-2026-56814

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References10Affected Software1
snyk
snyk
added 2026/06/30 6:34 p.m.9 views

Prototype Pollution

Overview @adonisjs/bodyparser is a BodyParser middleware for AdonisJS http server to read and parse request body Affected versions of this package are vulnerable to Prototype Pollution via the BodyParserMiddleware process. An attacker can modify the Object.prototype globally by sending specially...

8.8CVSS6.3AI score0.00148EPSS
Exploits0References2
ibm
ibm
added 2026/06/15 8:42 p.m.5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Uncontrolled Resource Consumption (CVE-2026-22740)

Summary There are vulnerabilities in spring-web-6.2.17.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22740. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22740 DESCRIPTION: A WebFlux server application that processes multipart requests create...

6.5CVSS5.3AI score0.00344EPSS
Exploits0Affected Software1
debiancve
debiancve
added 2026/06/09 3:51 a.m.12 views

CVE-2026-41853

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

5.3CVSS5.5AI score0.00186EPSS
Exploits0
cvelist
cvelist
added 2026/06/09 3:50 a.m.43 views

CVE-2026-41840

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48...

5.9CVSS0.00247EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/09 12:0 a.m.12 views

Spring Framework 资源管理错误漏洞

The Spring Framework is an application development framework developed by Spring in open source. Vulnerabilities related to resource management exist in versions 7.0.0 to 7.0.7, 6.2.0 to 6.2.18, 6.1.0 to 6.1.27, and 5.3.0 to 5.3.48 of the Spring Framework. These vulnerabilities may lead to...

5.9CVSS5.2AI score0.00247EPSS
Exploits0References2
snyk
snyk
added 2026/06/08 12:0 a.m.9 views

Missing Release of Memory after Effective Lifetime

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Missing Release of Memory after Effective...

8.2CVSS5.5AI score0.00247EPSS
Exploits0References2
spring
spring
added 2026/06/08 12:0 a.m.15 views

CVE-2026-41840: Spring Framework Denial of Service via Multipart Requests in WebFlux

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. More precisely, an application can be vulnerable when all the following are true: When all the conditions above are met, an attacker can send malicious multipart requests that can leak...

5.9CVSS5.8AI score0.00247EPSS
Exploits0References1Affected Software1
githubexploit
githubexploit
added 2026/05/26 4:9 p.m.137 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

LAB 1 — Apache Struts2 OGNL Injection CVE-2017-5638 / S2-045...

10CVSS7.6AI score0.99999EPSS
Exploits44
osv
osv
added 2026/05/20 3:35 p.m.10 views

GHSA-468C-VQ7P-GH64 Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service

Summary An Allocation of Resources Without Limits or Throttling vulnerability in Plug.Conn.readpartheaders/2 allows an unauthenticated attacker to exhaust server memory by sending a crafted multipart/form-data request, causing a denial of service. Details Plug.Conn.readpartheaders/2 in...

8.2CVSS5.9AI score0.0062EPSS
Exploits0References11
redhatcve
redhatcve
added 2026/05/05 1:29 p.m.8 views

CVE-2026-22740

A flaw was found in Spring WebFlux, a component of the Spring Framework. A remote attacker can exploit this vulnerability by sending specially crafted multipart requests to a WebFlux server application. When processing these requests, the server creates temporary files that, under certain...

6.5CVSS5.8AI score0.00344EPSS
Exploits0References5
nessus
nessus
added 2026/05/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-22740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain no...

6.5CVSS5.8AI score0.00344EPSS
Exploits0References3
nvd
nvd
added 2026/04/29 12:16 p.m.7 views

CVE-2026-22740

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

6.5CVSS0.00344EPSS
Exploits0References2
osv
osv
added 2026/04/29 12:16 p.m.4 views

DEBIAN-CVE-2026-22740

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

6.5CVSS5.8AI score0.00344EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/04/29 12:16 p.m.6 views

CVE-2026-22740

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

6.5CVSS5.8AI score0.00344EPSS
Exploits0References2
osv
osv
added 2026/04/29 12:16 p.m.5 views

UBUNTU-CVE-2026-22740

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

6.5CVSS5.8AI score0.00344EPSS
Exploits0References3
cvelist
cvelist
added 2026/04/29 10:46 a.m.39 views

CVE-2026-22740 Spring Framework DoS with Multipart Temp Files in WebFlux

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

6.5CVSS0.00344EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/17 11:56 p.m.40 views

CVE-2026-40347 Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data

Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary...

5.3CVSS0.00351EPSS
Exploits0References2
osv
osv
added 2026/04/15 7:45 p.m.6 views

GHSA-MJ87-HWQH-73PJ python-multipart affected by Denial of Service via large multipart preamble or epilogue data

Summary A denial of service vulnerability exists when parsing crafted multipart/form-data requests with large preamble or epilogue sections. Details Two inefficient multipart parsing paths could be abused with attacker-controlled input. Before the first multipart boundary, the parser handled...

5.3CVSS5.8AI score0.00351EPSS
Exploits0References4
osv
osv
added 2026/04/02 5:10 p.m.2 views

CVE-2026-26962 Rack: Header injection in multipart requests

Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...

4.8CVSS5.8AI score0.00227EPSS
Exploits0References3
Rows per page
Query Builder