CVE-2014-0050 — CVSS 7.5 (high): MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote…
CVE-2016-3092 — CVSS 7.5 (high): The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x…
CVE-2023-24998 — CVSS 7.5 (high): Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker…
CVE-2025-48976 — CVSS 7.5 (high): Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue…
CVE-2013-0248 — CVSS 3.3 (low): The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for…