4 matches found

Vulnrichment
added 2026/02/25 2:10 a.m. | 3 views

CVE-2026-27607 RustFS's Missing Post Policy Validation leads to Arbitrary Object Write

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads (PostObject), allowing attackers to bypass content-length-range, starts-with, and Content-Type constraints. This enabl...

CVSS 8.1 | AI score 5.6 | EPSS 0.00122
Exploits: 0 | References: 1
NVD
added 2024/03/15 8:15 p.m. | 14 views

CVE-2024-24827

Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an attacker to carry out a DoS attack on the server since creating an upload can be a resource intensive process. Do note that the impact varies from site to...

CVSS 7.5 | AI score 5.1 | EPSS 0.00063
Exploits: 0 | References: 2
Vulnrichment
added 2024/03/15 7:13 p.m. | 25 views

CVE-2024-24827 No rate limits on POST /uploads endpoint in Discourse

Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an attacker to carry out a DoS attack on the server since creating an upload can be a resource intensive process. Do note that the impact varies from site to...

CVSS 5.3 | AI score 5.5 | EPSS 0.00063
Exploits: 0 | References: 2
CVE
added 2024/03/15 7:13 p.m. | 89 views

CVE-2024-24827

Discourse (open source forum software) is vulnerable to a Denial of Service caused by no rate limit on POST /uploads. The CVE-2024-24827 entry notes that creating an upload is resource-intensive, and impact varies by site settings such as max_image_size_kb, max_attachment_size_kb, and max_image_m...

CVSS 7.5 | AI score 5.1 | EPSS 0.00063
Exploits: 0 | References: 2 | Affected Software: 1