CVE-2026-28525

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

CVE-2026-28525 SWUpdate Integer Underflow in Multipart Upload Parser

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

PT-2026-34748

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

GO-2026-4713 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely in github.com/filebrowser/filebrowser

File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely in github.com/filebrowser/filebrowser...

CVE-2026-32759 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating that the value is...

CVE-2026-32759

File Browser CVE-2026-32759 affects versions 2.61.2 and earlier with a faulty TUS upload handler: Upload-Length is parsed as signed 64-bit without non-negative validation, allowing an authenticated user to supply a negative value that completes uploads on the first PATCH. This can trigger after_u...

Integer Overflow or Wraparound

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the getUploadLength function. An attacker can repeatedly trigger post-upload hooks with arbitrary filenames and empty file contents by...

PT-2025-52523

Name of the Vulnerable Software and Affected Versions Dotclear version 2.25.3 Description Dotclear version 2.25.3 contains a remote code execution issue. Authenticated attackers can upload malicious PHP files with a .phar extension through the blog post creation interface. Uploading files...

Webify Blog - Arbitrary File Deletion

!x! Informations: Name : Webify Blog Download : http://www.webify.ws/blog Vulnerability : Delete Arbitrary File Vulnerability Author : JIKOJAWAD Contact : [email protected] Site : No-ExploiT.CoM Is Back Notes : No-ExploiT.CoM Miss !x! Bug: Delete Arbitrary File Vulnerability you can delete file...

Dvbbs8 serious vulnerability-vulnerability warning-the black bar safety net

I here it has been assumed that a DVBBS8 SQL: We first register a user, just find a post. Just broke。。。。 We have to re-send a post. Discovery table review, where to capture POST /dvbbs8/Appraise. asp? action=save HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,...