80 matches found

NVD
added 2026/03/13 7:54 p.m., 20 views

CVE-2026-30961

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an...

4.3 CVSS, 0.00253 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/03/13 7:9 p.m., 2 views

CVE-2026-30961

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an...

4.3 CVSS, 5.7 AI score, 0.00253 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2026/03/13 7:9 p.m., 2 views

CVE-2026-30961 Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, the chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an...

4.3 CVSS, 5.7 AI score, 0.00253 EPSS
Exploits 0, References 4

Snyk
added 2026/03/13 6:56 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the chunked upload completion. An attacker can exhaust server storage and circumvent administrative resource policies by uploading files exceeding the configured per-request size...

5.3 CVSS, 5.8 AI score, 0.00253 EPSS
Exploits 0, References 2

OSV
added 2026/03/13 6:56 p.m., 3 views

GHSA-45VH-RPC8-HXPP Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload

Summary: The chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public file request link can split an oversized file into chunks each under MaxSize and upload them sequentially, bypassing the size...

4.3 CVSS, 5.7 AI score, 0.00253 EPSS
Exploits 0, References 5

Snyk
added 2026/03/13 6:56 p.m., 1 view

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the chunked upload completion. An attacker can exhaust server storage and circumvent administrative resource policies by uploading files exceeding the configured per-request size...

5.3 CVSS, 5.8 AI score, 0.00253 EPSS
Exploits 0, References 2

Snyk
added 2026/03/13 6:56 p.m., 8 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the chunked upload completion. An attacker can exhaust server storage and circumvent administrative resource policies by uploading files exceeding the configured per-request size...

5.3 CVSS, 5.8 AI score, 0.00253 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/03/13 12:0 a.m., 8 views

PT-2026-25358

Name of the Vulnerable Software and Affected Versions: Gokapi versions prior to 2.2.4. Description: Gokapi is a self-hosted file sharing server. The chunked upload completion path for file requests does not validate the total file size against the per-request MaxSize limit. An attacker with a public...

9.9 CVSS, 7 AI score, 0.22162 EPSS
Exploits 68, References 136

RedhatCVE
added 2026/01/27 3:23 p.m., 4 views

CVE-2025-59101

Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...

7.7 CVSS, 5.9 AI score, 0.00572 EPSS
Exploits 0, References 1

NVD
added 2026/01/26 10:16 a.m., 6 views

CVE-2025-59101

Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...

7.7 CVSS, 0.00572 EPSS
Exploits 0, References 3

ATTACKERKB
added 2026/01/26 10:5 a.m., 5 views

CVE-2025-59101

Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...

7.7 CVSS, 5.9 AI score, 0.00572 EPSS
Exploits 0, References 4

Cvelist
added 2026/01/26 10:5 a.m., 31 views

CVE-2025-59101 Insufficient Session Management in dormakaba access manager

Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...

7.7 CVSS, 0.00572 EPSS
Exploits 0, References 3

Vulnrichment
added 2026/01/26 10:5 a.m., 3 views

CVE-2025-59101 Insufficient Session Management in dormakaba access manager

Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...

7.7 CVSS, 5.9 AI score, 0.00572 EPSS
Exploits 0, References 3

EUVD
added 2026/01/26 10:5 a.m., 3 views

EUVD-2025-206365

Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...

7.7 CVSS, 5.9 AI score, 0.00572 EPSS
Exploits 0, References 3

CVE
added 2026/01/26 10:5 a.m., 13 views

CVE-2025-59101

CVE-2025-59101 affects the dormakaba access manager web interface. The authentication model relies on per-request IP verification after a successful login, with no traditional session state stored. This enables an attacker to spoof a logged-in user’s IP to gain access, as there is no persistent s...

7.7 CVSS, 5.9 AI score, 0.00572 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/01/26 12:0 a.m., 5 views

PT-2026-4751

Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an authentication request from a certain source IP is successful, the IP address is handled as authenticated. No other session information ...

7.7 CVSS, 5.9 AI score, 0.00572 EPSS
Exploits 0, References 4

Veracode
added 2026/01/14 11:48 a.m., 3 views

Cross-Site Request Forgery (CSRF)

fastapiusers is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to stateless and predictable OAuth state tokens with no session binding or per-request entropy, which allows an attacker to initiate an OAuth flow, reuse a valid state token, and trick a victim into completing...

8.8 CVSS, 5.9 AI score, 0.00222 EPSS
Exploits 1, References 5, Affected Software 1

RedhatCVE
added 2025/10/16 2:52 p.m., 6 views

CVE-2025-61960

When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

8.7 CVSS, 6.8 AI score, 0.00317 EPSS
Exploits 0, References 1

OSV
added 2025/10/15 2:15 p.m., 5 views

CVE-2025-61960

When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

8.7 CVSS, 5.8 AI score, 0.00317 EPSS
Exploits 0, References 1

NVD
added 2025/10/15 2:15 p.m., 7 views

CVE-2025-61960

When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

8.7 CVSS, 0.00317 EPSS
Exploits 0, References 1