1518 matches found
NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys
NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys vulnerability discovered by ? in WordPress Npm form-data-objectizer versions = 1.0.0...
GHSA-M2HG-WJQ3-28WQ form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys
Summary form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate Object.prototype, which is a prototype pollution primitive of th...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-021470)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021470 advisory. Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in...
PT-2026-41696
Name of the Vulnerable Software and Affected Versions form-data-objectizer versions prior to 1.0.1 Description The software fails to filter proto , constructor, or prototype when converting FormData to objects using bracket-notation form keys. An attacker can submit a single HTTP form field with ...
PT-2026-41772
Name of the Vulnerable Software and Affected Versions parse-nested-form-data versions prior to 1.0.1 Description The parseFormData function processes bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. An attacker can use a FormData field na...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: undertow (UTSA-2026-021493)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021493 advisory. A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to...
SUSE CVE-2026-42561
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...
DEBIAN-CVE-2026-42561
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...
CVE-2026-42561 Python-Multipart: Denial of Service via unbounded multipart part headers
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...
CVE-2026-42561 Python-Multipart: Denial of Service via unbounded multipart part headers
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individu...
EUVD-2020-31214
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint,...
CVE-2020-37168
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint,...
Linux Distros Unpatched Vulnerability : CVE-2026-8161
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that...
coreruleset 4.21.0 - Firewall Bypass
Exploit Title: coreruleset 4.21.0 - Firewall Bypass Date: 04/08/2026 Exploit Author: Daytrift Newgen Vendor Homepage: https://github.com/coreruleset Software Link: https://github.com/coreruleset/coreruleset Version: 4.22.0/3.3.8 Tested on: Fedora, MacOS CVE : CVE-2026-21876 import base64 import o...
Improper Handling of Exceptional Conditions
Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the filename parameter parsing in multipart form-data requests. An attacker can cause the process to cra...
EUVD-2026-29413
The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access a...
CVE-2026-8162 multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename parameter contains a malformed percent-encoding, the parser invokes decodeURI on the value without try/catch. T...
CVE-2026-7050 Forms Rb <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via 'form_id' Parameter
The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access a...
multiparty 安全漏洞
multiparty is a Node.js module developed by pillarjs for parsing HTTP multipart/form-data requests. Versions of multiparty 4.2.3 and earlier contain security vulnerabilities; these vulnerabilities stem from unhandled exceptions, which may lead to denial-of-service attacks...
multiparty 安全漏洞
multiparty is a Node.js module developed by pillarjs for parsing HTTP multipart/form-data requests. Versions of multiparty 4.2.3 and earlier contain security vulnerabilities; these vulnerabilities stem from unhandled exceptions, which may lead to denial-of-service attacks...