Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request cause…

Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere with the configured allowable file extensions via a manipulated API request. The issue is patched in versions 15.4.2 and 16.0…

MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directori…

A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has …

A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of the file /boafrm/formFilter of the component URL Filtering Page. The manipulation of the argument URL Address leads to cross site scripting. It is possible to ini…

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The `Origin` header is checked to prevent Cross-si…

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access a malicious web site. Because the request for classic script by a script tag is not subject to same ori…

A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel. The manipulation of the argument devicemac1 leads to command injection. The attack may be launched remotely…

A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched remo…

A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible to launch the attack…