89 matches found
CVE-2026-53751
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous...
CVE-2026-53751 DataEase: H2 JDBC URL Filter Bypass Leads to Remote Code Execution (RCE)
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous...
CVE-2026-53537 Python-Multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=...,...
CVE-2026-53538
CVE-2026-53538 affects python-multipart, a streaming multipart parser for Python. Prior to 0.0.30, the QuerystringParser treated ";" as a field separator in application/x-www-form-urlencoded bodies in addition to "&", creating a parsing differential against WHATWG/urllib.parse behavior that only ...
CVE-2026-53538 Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...
CVE-2026-53538 Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only...
python-multipart: Semicolon treated as querystring field separator enables parameter smuggling
Summary QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only & as a separator. This creates a parser differential: the same bytes...
CVE-2026-49756 Multipart form-data header injection in Req via unescaped name/filename/content_type
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encodeformpart/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename, an...
CVE-2026-49756
CVE-2026-49756 describes a CRLF injection in Req.Utils.encode_form_part/2 of the Elixir Req library. User-controlled name, filename, or content_type are interpolated into Content-Disposition and Content-Type without escaping, allowing CRLFs to terminate header lines and add smuggled parts. This e...
@hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters
Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...
GHSA-36HH-X5P5-JGC8 @hapi/content header parser has a parameter smuggling issue that allows upload-filter bypass via duplicate parameters
Impact The two parsers resolved duplicates inconsistently and silently: - Content.disposition retained the last occurrence of each parameter. - Content.type retained the first occurrence of charset and boundary. Either behavior creates a parameter-smuggling primitive when another component in the...
Ruby Rack 3.x < 3.1.21 / 3.2.x < 3.2.6 Multiple Vulnerabilities
The version of the Rack Ruby library installed on the remote host is 3.0.0.beta1 or later but prior to 3.1.21, or is 3.2.0 or later but prior to 3.2.6. It is, therefore, affected by multiple vulnerabilities: - Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters using repeated...
CVE-2026-32762
A flaw was found in Rack, a modular Ruby web server interface. This vulnerability arises from improper parsing of the RFC 7239 Forwarded header, where semicolons within quoted values are incorrectly interpreted as delimiters. An attacker can exploit this by crafting a malicious Forwarded header,...
Rack 安全漏洞
Rack is a modular Ruby web server interface developed by Rack authors. There were security vulnerabilities in versions of Rack from 3.0.0.beta1 to 3.1.21, as well as in versions from 3.2.0 to 3.2.6. These vulnerabilities stemmed from improper parsing of forwarded headers, which could lead to...
CVE-2026-32939
DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...
Security Bulletin: Vulnerabilities in MongoDB, Python, Node.js, Golang Go, Linux kernel affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in MongoDB, Python, Node.js, Golang Go and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, query parameter smuggling, remote execution of...
Unity Linux 20.1070e Security Update: golang (UTSA-2025-986182)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986182 advisory. Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit...
EUVD-2022-35112
Malicious code in bioql PyPI...
TencentOS Server 3: grafana (TSSA-2023:0097)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0097 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
OESA-2025-1056 podman security update
Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of...