Lucene search
K

45 matches found

Vulnrichment
Vulnrichment
added 2026/03/20 11:0 p.m.3 views

CVE-2026-33221 Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type,...

2.1CVSS5.8AI score0.00173EPSS
Exploits0References4
CVE
CVE
added 2026/03/20 11:0 p.m.14 views

CVE-2026-33221

CVE-2026-33221 affects the Nhost storage upload component. Before v0.12.0, the storage service trusts the client-provided Content-Type header and does not perform server-side MIME type detection, enabling an attacker to upload files with arbitrary MIME types and bypass MIME-type-based bucket rest...

5.3CVSS5.8AI score0.00173EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/20 11:0 p.m.6 views

CVE-2026-33221 Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.12.0, the storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type,...

2.1CVSS6.3AI score0.00173EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.9 views

Nhost 数据伪造问题漏洞

Nhost is an open-source backend service platform developed by Nhost. Versions of Nhost prior to 0.12.0 had a data manipulation vulnerability. This vulnerability stemmed from the file upload processing mechanism in the storage service, which trusted the Content-Type header provided by the client...

2.1CVSS6.3AI score0.00173EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 12:0 a.m.9 views

Malicious code in typescript-nhost (npm)

The package 'typescript-nhost' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
Rows per page
Query Builder