GHSA-C567-44RC-M5HQ @rvf/set-get has a prototype pollution issue that's reachable via @rvf/core preprocessFormData (HTTP form data)

Summary setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking a path. Because field names in submitted form data are passed directly to setPath via preprocessFormData and through...

Security Bulletin: Vulnerability in form-data might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by a vulnerability in form-data. Vulnerabilities include the use of insufficiently random values allowing HTTP Parameter Pollution HPP. More details are described by the CVEs in the "Vulnerability Details" section...

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in form-data (CVE-2025-7783)

Summary A vulnerability in the form-data library CVE-2025-7783 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 4.0.5. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTT...

Security Bulletin: IBM Automation Decision Services for Jan 2026- Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-7783...

Security Bulletin: A vulnerability in form-data affect IBM® Db2® Big SQL.

Summary A vulnerability in form-data affect IBM® Db2® Big SQL 8.2 on IBM Cloud Pak for Data 5.2 and earlier. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated...

Security Bulletin: Vulnerability in form-data affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in form-data has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently...

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in form-data

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in form-data Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses form-data-4.0.0.tgz, form-data-4.0.1.tgz, form-data-4.0.3.tgz which are vulnerable to CVE-2025-7783.

Summary IBM Maximo Application Suite - Monitor Component uses form-data-4.0.0.tgz, form-data-4.0.1.tgz, form-data-4.0.3.tgz which are vulnerable to CVE-2025-7783. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of...

Security Bulletin: Security vulnerability in form-data may affect IBM Business Automation Workflow - CVE-2025-7783

Summary IBM Business Automation Workflow references a vulnerable copy of the form-data open source library. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated...

Security Bulletin: Astronomer with IBM is vulnerable to HTTP parameter pollution due to the form-data package (CVE-2025-7783)

Summary Form-data is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program...

Security Bulletin: IBM OpenPages fixes form-data package vulnerability

Summary Vulnerability in the form-data package with IBM OpenPages has been addressed in the latest IBM OpenPages fix pack version for 8.3, 9.0 and mod version for 9.1 Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP...

Security Bulletin: A vulnerability in form-data affects IBM Robotic Process Automation and may result in HTTP Parameter Polution (CVE-2025-7783)

Summary A vulnerability in form-data affects IBM Robotic Process Automation and may result in HTTP Parameter Polution . form-data is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address this vulnerability. Vulnerability Details...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in form-data package

Summary IBM Watson Discovery Cartridge contains a vulnerable version of form-data Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files...

EUVD-2025-21906

Malicious code in bioql PyPI...

EUVD-2025-22475

Malicious code in bioql PyPI...

CVE-2025-10735 Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery

The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmitFormData. This makes it possible for unauthenticated attackers to make web requests to arbitrary location...

Security Bulletin: IBM Event Endpoint Management is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783)

Summary Operator of IBM Event Endpoint Management is vulnerable to an HTTP Parameter Pollution HPP attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to HTTP parameter pollution [CVE-2025-7783]

Summary Node.js module form-data is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to HTTP parameter pollution. This bulletin provides patch information to address the reported vulnerability in Node.js module form-dat...

Security Bulletin: IBM Rational Developer for i is affected by an HTTP Parameter Pollution vulnerability in form-data (CVE-2025-7783)

Summary Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP in the Code Coverage functionality within IBM Rational Developer for i. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...