CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

24 matches found

RedhatCVE•added 2026/06/05 7:11 p.m.•8 views

CVE-2026-8162

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...

7.5CVSS5.5AI score0.00279EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:11 p.m.•9 views

CVE-2026-8159

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS5.4AI score0.00335EPSS

Exploits0References1

OSV•added 2026/05/18 5:40 p.m.•9 views

GHSA-65X3-RW7Q-GX94 multiparty vulnerable to ReDoS via filename parsing

Impact [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A multipart upload with a long header value containing !filename="1 repeated can cause regex matching to take seconds, blocking...

7.5CVSS5.8AI score0.00335EPSS

Exploits0References6

vulnersOsv•added 2026/05/18 5:40 p.m.•4 views

@aaa-backend-stack/graphql-rest-bindings (>=1.16.0 <=1.16.9), @aaa-backend-stack/image-service (>=1.16.0 <=1.16.9) +589 more potentially affected by CVE-2026-8159 via multiparty (>=4.0.0 <=4.2.3)

multiparty NPM version =4.0.0, =1.16.0, =1.16.0, =1.16.0, =0.1.155, =1.0.0, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =0.58.14, =0.1.0, =1.0.0, =0.1.1, =0.1.3 and more Source cves: CVE-2026-8159 Source advisory: SNYK:JS-MULTIPARTY-16790693...

7.5CVSS5.4AI score0.00335EPSS

Exploits0

EUVD•added 2026/05/18 5:40 p.m.•10 views

EUVD-2026-29439

multiparty vulnerable to ReDoS via filename parsing...

7.5CVSS5.8AI score0.00335EPSS

Exploits0References5

Github Security Blog•added 2026/05/18 5:40 p.m.•19 views

multiparty vulnerable to ReDoS via filename parsing

7.5CVSS5.8AI score0.00335EPSS

Exploits0References6Affected Software1

Github Security Blog•added 2026/05/18 5:35 p.m.•33 views

multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...

7.5CVSS5.8AI score0.00279EPSS

Exploits0References5Affected Software1

OSV•added 2026/05/18 5:35 p.m.•5 views

GHSA-QXCH-WHHJ-8956 multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property e.g., proto, constructor, toString, the parser invokes .push on the inherited...

7.5CVSS5.8AI score0.00473EPSS

Exploits1References5

EUVD•added 2026/05/18 5:35 p.m.•12 views

EUVD-2026-29440

multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception...

7.5CVSS5.8AI score0.00473EPSS

Exploits1References4

vulnersOsv•added 2026/05/18 5:35 p.m.•4 views

@aaa-backend-stack/graphql-rest-bindings (>=1.16.0 <=1.16.9), @aaa-backend-stack/image-service (>=1.16.0 <=1.16.9) +589 more potentially affected by CVE-2026-8161 via multiparty (>=4.0.0 <=4.2.3)

7.5CVSS5.4AI score0.00473EPSS

Exploits1

Patchstack•added 2026/05/18 5:35 p.m.•9 views

NPM: multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception

NPM: multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...

7.5CVSS5.8AI score0.00473EPSS

Exploits1References5Affected Software1

Tenable Nessus•added 2026/05/13 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-8161

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that...

7.5CVSS5.4AI score0.00473EPSS

Exploits1References3

vulnersOsv•added 2026/05/12 11:24 a.m.•4 views

@aaa-backend-stack/graphql-rest-bindings (>=1.16.0 <=1.16.9), @aaa-backend-stack/image-service (>=1.16.0 <=1.16.9) +589 more potentially affected by CVE-2026-8162 via multiparty (>=4.0.0 <=4.2.3)

7.5CVSS5.4AI score0.00279EPSS

Exploits0

NVD•added 2026/05/12 10:16 a.m.•12 views

CVE-2026-8159

7.5CVSS0.00335EPSS

Exploits0References3

OSV•added 2026/05/12 10:16 a.m.•7 views

DEBIAN-CVE-2026-8161

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

7.5CVSS5.8AI score0.00473EPSS

Exploits1References1

OSV•added 2026/05/12 10:16 a.m.•4 views

UBUNTU-CVE-2026-8162

7.5CVSS5.9AI score0.00279EPSS

Exploits0References3

CVE•added 2026/05/12 8:50 a.m.•50 views

CVE-2026-8161

This CVE affects [email protected] and earlier, where the parser stores fields/files on plain objects and can collide with inherited Object.prototype properties (e.g., proto , constructor, toString). The root cause is prototype pollution leading to a TypeError when .push() is invoked on a non-arra...

7.5CVSS5.8AI score0.00473EPSS

Exploits1References2Affected Software1