Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1465 matches found

EUVD
EUVDadded 21 hours ago7 views

EUVD-2026-34941

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...

7.2CVSS5.7AI score
Exploits0References10
Vulnrichment
Vulnrichmentadded 21 hours ago5 views

CVE-2026-8901 Integration for Freshsales <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Form Submission Data

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...

7.2CVSS5.7AI score
Exploits0References10
Positive Technologies
Positive Technologiesadded 23 hours ago6 views

PT-2026-47123

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...

7.2CVSS5.7AI score
Exploits0References11
RedhatCVE
RedhatCVEadded yesterday3 views

CVE-2026-45302

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...

8.2CVSS5.4AI score0.00045EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded yesterday2 views

CVE-2026-44483

RVF formerly Remix Validated Form provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking ...

8.2CVSS5.6AI score0.00055EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded yesterday4 views

CVE-2026-44325

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/apiaccesstoken.go reflects over models.NrfAccessTokenAccessTokenReq,...

7.5CVSS5.5AI score0.00124EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded yesterday2 views

CVE-2026-8161

[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...

7.5CVSS5.5AI score0.00016EPSS
Exploits1References1
OSV
OSVadded 2 days ago5 views

ROOT-APP-NPM-CVE-2025-7783 CVE-2025-7783 in @rootio/form-data - Patched by Root

Root has patched CVE-2025-7783 in the @rootio/form-data package for Root:npm. Multiple fixed versions available...

5.4CVSS7.5AI score0.01319EPSS
Exploits1
NVD
NVDadded 5 days ago6 views

CVE-2026-45302

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...

8.2CVSS0.00045EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 5 days ago4 views

CVE-2026-45302 Prototype Pollution in parse-nested-form-data via `__proto__` in FormData field names

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...

8.2CVSS5.7AI score0.00045EPSS
Exploits0References3
Cvelist
Cvelistadded 5 days ago23 views

CVE-2026-45302 Prototype Pollution in parse-nested-form-data via `__proto__` in FormData field names

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...

8.2CVSS0.00045EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 5 days ago6 views

CVE-2026-45302

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...

8.2CVSS5.7AI score0.00045EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 5 days ago7 views

EUVD-2026-33723

parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with...

8.2CVSS5.8AI score0.00045EPSS
Exploits0References3
CNNVD
CNNVDadded 5 days ago4 views

parse-nested-form-data security vulnerability

parse-nested-form-data is a form data parsing tool developed by Christian Schurr. Versions of parse-nested-form-data prior to 1.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of parseFormData, which did not filter or preserve attribute keys when parsing FormDat...

8.2CVSS5.8AI score0.00045EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/30 2:55 p.m.9 views

EUVD-2018-21934

Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docsupload.php with crafted multipart form data. Attackers can upload PHP files with arbitrary content to the upload directory and execute th...

9.8CVSS6.4AI score0.00456EPSS
Exploits1References5
NVD
NVDadded 2026/05/29 2:16 p.m.11 views

CVE-2026-46510

form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...

8.2CVSS0.00055EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/29 1:40 p.m.4 views

CVE-2026-46510 Prototype pollution in form-data-objectizer via bracket-notation form keys

form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...

8.2CVSS5.8AI score0.00055EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/29 1:40 p.m.7 views

CVE-2026-46510

form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...

8.2CVSS5.8AI score0.00055EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2026/05/29 1:40 p.m.9 views

CVE-2026-46510

CVE-2026-46510 affects form-data-objectizer

8.2CVSS5.8AI score0.00055EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/29 1:40 p.m.31 views

CVE-2026-46510 Prototype pollution in form-data-objectizer via bracket-notation form keys

form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...

8.2CVSS0.00055EPSS
Exploits0References2
Rows per page
Query Builder