CVE-2026-33013

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in...

CVE-2026-33013

Summary of CVE-2026-33013 (Micronaut DoS via crafted form-urlencoded binding) : A flaw in Micronaut Framework (micronaut-json-core) allows remote attackers to cause a Denial of Service by sending crafted indexed form parameters that rely on descending array indices during form-urlencoded body bin...

Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices

In JsonBeanPropertyBinder::expandArrayToThreshold in io.micronaut:micronaut-json-core before Micronaut 4 4.10.16 and in Micronaut 3 before 3.10.5 does not correctly handle descending array index order during form-urlencoded body binding, which allows remote attackers to cause a denial of service...

CVE-2026-2890 Formidable Forms <= 6.28 - Missing Authorization to Unauthenticated Payment Integrity Bypass via PaymentIntent Reuse

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handleonetimestripelinkreturnurl marking payment records as complete based solely on the Stripe PaymentIntent status...

Lightbend Play Framework 资源管理错误漏洞

Lightbend Play Framework is a web application framework written in the Scala language from Lightbend, Inc. A resource management error vulnerability exists in Lightbend Play Framework versions 2.8.3 through 2.8.15, which results in a denial of service when using the FormbindFromRequest method on...