CVE-2026-32701 Qwik has array method pollution in FormData processing, allowing type confusion and DoS

Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arrays from dotted form field names during FormData parsing. By submitting mixed array-index and object-property keys for the same path, an attacker could cause user-controlled properties to be writte...

CVE-2026-33013 Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in...

CVE-2026-33013 Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the RechargePut function in the nchf-convergedcharging service. An attacker can cause a server-side panic and disrupt recharge functionality by sending a crafted authenticated PUT request with an...

CVE-2026-31805

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing...

EUVD-2026-13494

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing...

CVE-2026-31805 Discourse has a poll authorization bypass via post_id array parameter

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of polls they did not have access to. By passing...

Qwik 安全漏洞

Qwik is a micro-web framework developed by Qwik Dev. Versions of Qwik prior to 1.19.2 contained security vulnerabilities. These vulnerabilities stemmed from improper array inference during FormData parsing from dot-separated form field names, which could lead to request processing failures,...

PT-2026-26542

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.3.0-latest.1 Discourse versions prior to 2026.2.1 Discourse versions prior to 2026.1.2 Description Discourse is an open-source discussion platform. An authorization bypass in the poll plugin allowed authenticat...

Packetbeat does not properly validate an array index in multiple protocol parser components

Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in protocol parser components. An attacker can cause the application to crash or exhaust resources by sending specially crafted, malformed network packets to a monitored network interface. Note: This i...

EUVD-2026-13142

Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

EUVD-2026-13147

An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the arrayfilter component...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in protocol parser components. An attacker can cause the application to crash or exhaust resources by sending specially crafted, malformed network packets to a monitored network interface. Note: This i...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in protocol parser components. An attacker can cause the application to crash or exhaust resources by sending specially crafted, malformed network packets to a monitored network interface. Note: This i...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in protocol parser components. An attacker can cause the application to crash or exhaust resources by sending specially crafted, malformed network packets to a monitored network interface. Note: This i...

GHSA-27QJ-9GVP-8RH9 Packetbeat does not properly validate an array index in multiple protocol parser components

Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

CVE-2026-30694

An issue in DedeCMS v.5.7.118 and before allows a remote attacker to execute arbitrary code via the arrayfilter component...

CVE-2026-26933

Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

Prototype Pollution via parse() in NodeJS flatted

--- Summary The parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key "\proto\" returns Array.prototype via the...