CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/29 1:40 p.m.•7 views

CVE-2026-46510 Prototype pollution in form-data-objectizer via bracket-notation form keys

Cvelist•added 2026/05/29 1:40 p.m.•33 views

CVE-2026-46510 Prototype pollution in form-data-objectizer via bracket-notation form keys

8.2CVSS0.00282EPSS

ATTACKERKB•added 2026/05/29 1:40 p.m.•7 views

CVE-2026-46510

Exploits0References3Affected Software1

EUVD•added 2026/05/29 1:40 p.m.•8 views

EUVD-2026-33321

CVE•added 2026/05/29 1:40 p.m.•11 views

CVE-2026-46510

CVE-2026-46510 affects form-data-objectizer

IBM Security Bulletins•added 2026/05/29 8:42 a.m.•10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2026-31958

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5.3-cp39-abi3-manylinux25x8664.manylinux1x8664.manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2026-31958. This bulletin contains information addressing the vulnerability. Vulnerability...

8.7CVSS7.2AI score0.00375EPSS

Exploits0Affected Software1

CNNVD•added 2026/05/29 12:0 a.m.•5 views

form-data-objectizer 安全漏洞

form-data-objectizer is a form data-to-object conversion tool developed by Kasper Stöckel. Versions of form-data-objectizer prior to 1.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of filtering for proto, constructor, or prototype when handling bracket notati...

NVD•added 2026/05/27 5:16 p.m.•9 views

CVE-2026-44483

RVF formerly Remix Validated Form provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking ...

8.2CVSS0.00271EPSS

Vulnrichment•added 2026/05/27 3:43 p.m.•6 views

CVE-2026-44325 free5GC: NRF POST /oauth2/token structured-form parser type-confusion panic family (Reflect.Set on incompatible types)

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq,...

7.5CVSS5.8AI score0.00364EPSS

Exploits1References4

Cvelist•added 2026/05/27 3:20 p.m.•38 views

CVE-2026-44483 RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP form data)

8.2CVSS0.00271EPSS

ATTACKERKB•added 2026/05/27 3:20 p.m.•8 views

CVE-2026-44483

8.2CVSS6AI score0.00271EPSS

Exploits0References2Affected Software2

EUVD•added 2026/05/27 3:20 p.m.•10 views

EUVD-2026-32564

8.2CVSS5.9AI score0.00271EPSS

Vulnrichment•added 2026/05/27 3:20 p.m.•6 views

CVE-2026-44483 RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP form data)

8.2CVSS5.9AI score0.00271EPSS

CVE•added 2026/05/27 3:20 p.m.•8 views

CVE-2026-44483

RVF prototype pollution risk in form handling : The issue is in the set-get component used by @rvf/core’s preprocessFormData. Vulnerable in @rvf/set-get versions < 6.0.4 (6.x) and

8.2CVSS6AI score0.00271EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в node-form-data

The use of insufficiently random values in form-data allows for HTTP Parameter Pollution HPP. This vulnerability is associated with the program file lib/formdata.Js. This issue affects form-data versions: 2.5.4, 3.0.0 – 3.0.3, 4.0.0 – 4.0.3...

9.4CVSS6.6AI score0.01589EPSS

Exploits1References1

Snyk•added 2026/05/18 7:10 p.m.•6 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

Snyk•added 2026/05/18 7:10 p.m.•6 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

Snyk•added 2026/05/18 7:10 p.m.•3 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

Snyk•added 2026/05/18 7:10 p.m.•3 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...