Security Bulletin: IBM Event Processing is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783).

Summary IBM Event Processing is vulnerable to an HTTP Parameter Pollution HPP attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event listeners tied to form...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to form-data-4.0.3.tgz CVE-2025-7783

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to form-data-4.0.3.tgz CVE-2025-7783. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in...

Security Bulletin: IBM Watsonx BI is affected by use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP).

Summary Watsonx BI use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2025.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF006, 24.0.1-IF004 and 25.0.0-IF001. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random...

OESA-2025-2276 nodejs-form-data security update

A module to create readable "multipart/form-data" streams. Can be used to submit forms and file uploads to other web applications. Security Fixes: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program file...

Security Bulletin: IBM Fusion and IBM Fusion HCI are vulnerable to the Use of Insufficiently Random Values due to form_data.Js (CVE-2025-7783)

Summary The Data Cataloging Service in IBM Fusion and IBM Fusion HCI uses the formdata.js package which is vulnerable to the use of insufficiently random values which allows an attacker to deduce the state of the pseudo-random number generator in formdata and to craft payloads that include...

Security Bulletin: Insufficiently Random Values in form-data (lib/form_data.js) Leads to HTTP Parameter Pollution (HPP) – Affects versions <2.5.4, 3.0.0–3.0.3, and 4.0.0–4.0.3

Summary Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION...

Security Bulletin: Db2 Bridge Release 1.1.1

Summary This issue Affected users using Db2 Bridge 1.1.1 and new Fix pack was release to address the issue. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated...

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficientl...

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is...

Linux Distros Unpatched Vulnerability : CVE-2025-7783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files...

SUSE CVE-2025-7783

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

AZL-65606 CVE-2025-7783 affecting package js-jquery 3.5.0-4

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

DEBIAN-CVE-2025-7783

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

CVE-2025-7783

CVE-2025-7783 affects node-form-data; vulnerable versions include

PT-2025-22851 · Unknown · Tmall Demo

Name of the Vulnerable Software and Affected Versions: Tmall Demo up to 20250505 Description: A vulnerability was found in Tmall Demo, affecting an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random values. It is...

CVE-2024-28013

Use of Insufficiently Random Values vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP,...

CVE-2023-27987

In Apache Linkis =1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify t...

CVE-2022-23138

ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack...