74 matches found
WordPress Candidate Application Form <= 1.3 - Local File Inclusion
WordPress Candidate Application Form = 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks. id: CVE-2015-1000005 info: name: WordPress Candidate Application Form = 1.3 - Local File Inclusion author: dhiyaneshDK severity: high...
CVE-2026-54283
Starlette (Python-starlette) from 0.4.1 through 1.3.1 is affected by CVE-2026-54283, where request.form() fails to apply max_fields/max_part_size for application/x-www-form-urlencoded, allowing an unauthenticated attacker to send a URL-encoded body with unbounded fields or field size. This result...
undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...
undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...
CVE-2023-45756
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Spider Teams ApplyOnline – Application Form Builder and Manager plugin = 2.5.2 versions...
CVE-2024-3884 Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...
CVE-2024-3884
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...
rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion
A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...
rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion
A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...
rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion
A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. Rack::RequestPOST reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...
EUVD-2023-55562
Malicious code in bioql PyPI...
EUVD-2025-29195
Malicious code in bioql PyPI...
EUVD-2024-27671
Malicious code in bioql PyPI...
EUVD-2025-31470
Malicious code in bioql PyPI...
EUVD-2023-50341
Malicious code in bioql PyPI...
EUVD-2024-29159
Malicious code in bioql PyPI...
EUVD-2025-2942
Malicious code in bioql PyPI...
CVE-2025-11114
A flaw has been found in CodeAstro Online Leave Application 1.0. Affected by this vulnerability is an unknown functionality of the file /leaveAplicationForm.php. Executing manipulation of the argument absence can lead to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2025-11114 CodeAstro Online Leave Application leaveAplicationForm.php sql injection
A flaw has been found in CodeAstro Online Leave Application 1.0. Affected by this vulnerability is an unknown functionality of the file /leaveAplicationForm.php. Executing manipulation of the argument absence can lead to sql injection. The attack may be launched remotely. The exploit has been...
CodeAstro Online Leave Application SQL注入漏洞
CodeAstro Online Leave Application is an online leave application system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Online Leave Application version 1.0, which stems from incorrect manipulation of the parameter absence in the file /leaveAplicationForm.php, which could lead ...