6 matches found
CVE-2026-59892
A flaw was found in the @opentelemetry/propagator-jaeger component of OpenTelemetry JavaScript. This vulnerability allows an unauthenticated remote attacker to send specially crafted HTTP header values, specifically uber-trace-id and uberctx-. The component improperly decodes these values without...
CVE-2026-8162
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...
EUVD-2026-29441
multiparty vulnerable to Denial of Service via Uncaught Exception in filename parameter parsing...
CVE-2026-8162
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...
CVE-2026-8162
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...
CVE-2007-6660
The CVE-2007-6660 entry involves the 2z project version 0.9.6.1 where information disclosure can occur via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year/month parameters, causing error messages that reveal the path. The NVD description d...