Vulnerabilities in Kludex
15 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2026-24486 | HIGH | Python-Multipart has Arbitrary File Write via Non-Default Configuration | 1.8% |
| CVE-2024-24762 | HIGH | python-multipart vulnerable to content-type header Regular expression Denial of Service | 1.5% |
| CVE-2026-48710 | MEDIUM | Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks | 1.4% |
| CVE-2024-53981 | HIGH | python-multipart has a Denial of service (DoS) via deformation `multipart/form-data` boundary | 0.6% |
| CVE-2025-62727 | HIGH | Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse | 0.6% |
| CVE-2026-42561 | HIGH | Python-Multipart: Denial of Service via unbounded multipart part headers | 0.4% |
| CVE-2026-40347 | MEDIUM | Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data | 0.4% |
| CVE-2026-48818 | HIGH | Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows | 0.3% |
| CVE-2026-54283 | HIGH | Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS | 0.3% |
| CVE-2026-53539 | HIGH | Python-Multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service | 0.3% |
| CVE-2026-53540 | LOW | Python-Multipart: Negative Content-Length in parse_form buffers the entire body in memory | 0.2% |
| CVE-2026-48817 | MEDIUM | Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr` | 0.2% |
| CVE-2026-54282 | LOW | Starlette: Unvalidated request path concatenated into authority poisons request.url.hostname | 0.2% |
| CVE-2026-53537 | LOW | Python-Multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters | 0.2% |
| CVE-2026-53538 | LOW | Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling | 0.2% |