Lucene search
K

104 matches found

CVE
CVE
added 4 days ago8 views

CVE-2026-56814

Summary: CVE-2026-56814 affects Plug:Multipart in Elixir’s Plug.Parsers.MULTIPART, where the :length budget is applied only to part body bytes. Part headers are not counted, so requests with many empty-body file parts can slip under the length limit and create a temporary file per part, triggerin...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References9
NVD
NVD
added 5 days ago6 views

CVE-2026-46413

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

6.5CVSS0.00366EPSS
Exploits0References9
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-46413 Discourse: Regular users can route multipart uploads into the admin backup store

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

6.5CVSS0.00366EPSS
Exploits0References9
CVE
CVE
added 5 days ago8 views

CVE-2026-46413

Discourse (open-source discussion platform) contains a vulnerability tracked as CVE-2026-46413 where, prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This could allow una...

6.5CVSS5.9AI score0.00366EPSS
Exploits0References9
NVD
NVD
added 2026/06/26 8:16 a.m.11 views

CVE-2026-57874

An unauthenticated buffer overflow vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this...

7.5CVSS0.00318EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 7:17 a.m.6 views

EUVD-2026-39630

An unauthenticated buffer overflow vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this...

7.5CVSS5.9AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.9 views

CVE-2026-41145

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary...

8.8CVSS5.7AI score0.00349EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.10 views

CVE-2026-8162

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS5.5AI score0.00279EPSS
Exploits0References1
Fedora
Fedora
added 2026/05/31 1:14 a.m.30 views

[SECURITY] Fedora 43 Update: python-urllib3-2.7.0-2.fc43

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: =E2=80=A2 Thread safety. =E2=80=A2 Connection pooling. =E2=80=A2 Client-side SSL/TLS verification. =E2=80=A2 File uploads with multipart encoding...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/26 1:30 p.m.2 views

GHSA-8C7Q-86FQ-VVMH MLflow allows unauthorized access to multipart upload endpoints when the `--serve-artifacts` mode is enabled

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

9CVSS7.9AI score0.00345EPSS
Exploits1References7
EUVD
EUVD
added 2026/05/25 6:0 a.m.16 views

EUVD-2026-31642

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

9CVSS6.3AI score0.00345EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/25 6:0 a.m.50 views

CVE-2026-2651 Missing Authorization Validation in mlflow/mlflow

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

9CVSS0.00345EPSS
Exploits1References2
Fedora
Fedora
added 2026/05/19 4:20 p.m.19 views

[SECURITY] Fedora 44 Update: python-urllib3-2.7.0-1.fc44

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: =E2=80=A2 Thread safety. =E2=80=A2 Connection pooling. =E2=80=A2 Client-side SSL/TLS verification. =E2=80=A2 File uploads with multipart encoding...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/18 5:40 p.m.12 views

EUVD-2026-29439

multiparty vulnerable to ReDoS via filename parsing...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/18 5:35 p.m.10 views

EUVD-2026-29441

multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a...

7.5CVSS5.5AI score0.00279EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 10:16 a.m.13 views

CVE-2026-8162

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS0.00279EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 10:16 a.m.15 views

CVE-2026-8159

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS0.00335EPSS
Exploits0References3
OSV
OSV
added 2026/05/12 10:16 a.m.7 views

DEBIAN-CVE-2026-8159

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:5 a.m.7 views

CVE-2026-8162

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References3
Rows per page
Query Builder