Lucene search
K

6 matches found

Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51581

Name of the Vulnerable Software and Affected Versions ash-project ash versions 3.0.0 through 3.29.2 Description An issue exists where users can set the value of a private action argument intended to be controlled exclusively by trusted server-side code. Action arguments declared with public?: fal...

5.9CVSS5.7AI score0.00152EPSS
Exploits0References7
NVD
NVD
added 2026/03/24 5:16 a.m.12 views

CVE-2026-3260

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like getParameterMap, the server prematurely parses and stores this content to...

7.5CVSS0.00441EPSS
Exploits0References2
CVE
CVE
added 2026/03/24 4:11 a.m.26 views

CVE-2026-3260

CVE-2026-3260 affects Undertow and enables Denial of Service via premature multipart/form-data parsing when a GET request with multipart/form-data is processed (e.g., via getParameterMap). The issue is caused by content being parsed and stored to disk during parameter handling, leading to resourc...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References2Affected Software10
Vulnrichment
Vulnrichment
added 2026/03/24 4:11 a.m.7 views

CVE-2026-3260 Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like getParameterMap, the server prematurely parses and stores this content to...

5.9CVSS5.8AI score0.00441EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/24 4:11 a.m.28 views

CVE-2026-3260 Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like getParameterMap, the server prematurely parses and stores this content to...

5.9CVSS0.00441EPSS
Exploits0References2
OSV
OSV
added 2025/12/28 7:15 a.m.5 views

CVE-2025-15124

A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high...

3.1CVSS6.5AI score
Exploits0References4
Rows per page
Query Builder