Lucene search
K

1386 matches found

NVD
NVD
added 2026/05/08 3:16 p.m.9 views

CVE-2026-38361

Multiple unauthenticated denial-of-service DoS issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-upload handler dashuploader/httprequesthandler.py, dashuploader/upload.py trusts unsanitized, attacker-controlled upload parameters e.g. flowTotalChunks and does not enforce the...

7.5CVSS0.02643EPSS
Exploits5References11
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

dash-uploader 资源管理错误漏洞

dash-uploader is a file upload component developed by Niko Föhr for Dash applications. Versions 0.1.0 to 0.7.0a2 of dash-uploader contain resource management vulnerabilities. These vulnerabilities originate from the Upload function in dashuploader/httprequesthandler.py, the maxfilesize parameter ...

7.5CVSS6.1AI score0.02643EPSS
Exploits5References1
Cvelist
Cvelist
added 2026/05/08 12:0 a.m.48 views

CVE-2026-38360

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, BaseHttpRequestHandler.gettemproot, BaseHttpRequestHandler.post components...

0.05982EPSS
Exploits4References8
Cvelist
Cvelist
added 2026/05/08 12:0 a.m.44 views

CVE-2026-38361

Multiple unauthenticated denial-of-service DoS issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-upload handler dashuploader/httprequesthandler.py, dashuploader/upload.py trusts unsanitized, attacker-controlled upload parameters e.g. flowTotalChunks and does not enforce the...

0.02643EPSS
Exploits5References11
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.7 views

CVE-2026-38360

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, aseHttpRequestHandler.gettemproot, BaseHttpRequestHandler.post components...

9.8CVSS6.2AI score0.05982EPSS
Exploits4References7
Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.9 views

CVE-2026-38360

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, BaseHttpRequestHandler.gettemproot, BaseHttpRequestHandler.post components...

6AI score0.05982EPSS
Exploits4References8
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.11 views

PT-2026-39150

Name of the Vulnerable Software and Affected Versions fohrloop dash-uploader versions 0.1.0 through 0.7.0a2 Description A directory traversal issue allows a remote attacker to execute arbitrary code. This is possible through the dash uploader/httprequesthandler.py component, specifically within t...

10CVSS6.1AI score0.05982EPSS
Exploits4References21
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.13 views

Dash-Uploader 0.7.0a2 Denial of Service

dash-uploader versions 0.1.0 through 0.7.0a2 suffer from multiple denial of service vulnerabilities...

7.5CVSS5.8AI score0.02643EPSS
Exploits5
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39009

Name of the Vulnerable Software and Affected Versions fohrloop dash-uploader versions 0.1.0 through 0.7.0a2 Description A remote attacker can execute arbitrary code through the Upload function and the max file size parameter within the dash uploader/httprequesthandler.py, dash uploader/upload.py,...

7.8CVSS6.1AI score0.02643EPSS
Exploits5References17
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

dash-uploader 路径遍历漏洞

dash-uploader is a file upload component developed by Niko Föhr for Dash applications. Versions 0.1.0 to 0.7.0a2 of dash-uploader contain a path traversal vulnerability. This vulnerability stems from directory traversal in the dashUploader/httpRequestHandler.py, BaseHttpRequestHandler.getTempRoot...

9.8CVSS6.1AI score0.05982EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.8 views

CVE-2026-38361

An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, dashuploader/upload.py in the Upload function and maxfilesize parameter, dashuploader/configureupload.py components...

6.2AI score0.02643EPSS
Exploits5References10
Vulnrichment
Vulnrichment
added 2026/05/08 12:0 a.m.6 views

CVE-2026-38361

Multiple unauthenticated denial-of-service DoS issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-upload handler dashuploader/httprequesthandler.py, dashuploader/upload.py trusts unsanitized, attacker-controlled upload parameters e.g. flowTotalChunks and does not enforce the...

5.5AI score0.02643EPSS
Exploits5References11
Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.80 views

📄 Dash-Uploader 0.7.0a2 Path Traversal

There is an unauthenticated path traversal in dash-uploader versions 0.1.0 through 0.7.0a2 allowing arbitrary file write, leading to but not limited to remote code execution, application source code overwrite, stored cross site scripting, and persistent backdoor installation. CVE-2026-38360: Path...

9.8CVSS5.8AI score0.05982EPSS
Exploits5
CVE
CVE
added 2026/05/08 12:0 a.m.20 views

CVE-2026-38360

CVE-2026-38360 affects fohrloop dash-uploader, with directory traversal in dash_uploader/httprequesthandler.py affecting versions 0.1.0 through 0.7.0a2. The vulnerability arises from unvalidated user-supplied values used in get_temp_root (upload_id), resumableFilename, and resumableIdentifier, wh...

9.8CVSS6AI score0.05982EPSS
Exploits4References8
CVE
CVE
added 2026/05/08 12:0 a.m.20 views

CVE-2026-38361

CVE-2026-38361 affects fohrloop/dash-uploader (versions 0.1.0–0.7.0a2). The flaw resides in dash_uploader/httprequesthandler.py and related components where attacker-controlled resumableTotalChunks and related parameters enable unbounded memory allocation (OOM) and a file-truncation path, leading...

7.5CVSS5.5AI score0.02643EPSS
Exploits5References11Affected Software1
GithubExploit
GithubExploit
added 2026/05/07 8:32 p.m.103 views

Exploit for CVE-2026-38361

CVE-2026-38361: Multiple Unauthenticated DoS Vulnerabilities i...

6.1AI score0.05982EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/05/07 8:32 p.m.108 views

Exploit for CVE-2026-38360

CVE-2026-38360: Path Traversal in dash-uploader !CVEhttps...

6AI score0.05982EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/05/07 2:59 p.m.98 views

Exploit for CVE-2026-38360

CVE-2026-38360: Directory Traversal in dash-uploader !CVE...

6AI score0.05982EPSS
Exploits5
EUVD
EUVD
added 2026/04/20 9:30 a.m.4 views

EUVD-2026-23809

A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...

5.1CVSS3.9AI score0.00206EPSS
Exploits0References5
NVD
NVD
added 2026/04/20 9:16 a.m.8 views

CVE-2026-6619

A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...

5.1CVSS0.00206EPSS
Exploits0References4
Rows per page
Query Builder