Lucene search
K

1518 matches found

CVE
CVE
added 2026/05/27 3:20 p.m.17 views

CVE-2026-44483

RVF prototype pollution risk in form handling : The issue is in the set-get component used by @rvf/core’s preprocessFormData. Vulnerable in @rvf/set-get versions < 6.0.4 (6.x) and

8.2CVSS6AI score0.00271EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/18 7:10 p.m.8 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.8 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys function when a form key contains an opening without a matching . An attacker can cause the application to become unresponsive by sending specially crafted network requests that trigge...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.8 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.8 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.10 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.10 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.10 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.11 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.8 views

Infinite loop

Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 5:35 p.m.9 views

GHSA-XH3C-6GCQ-G4RV multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/18 5:35 p.m.34 views

multiparty vulnerable to Denial of Service via Uncaught Exception in filename* parameter parsing

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition: filename=utf-8'' header containing a malformed percent-encoding e.g., %FF, %GG, the parser invokes decodeURI on the value...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/18 5:35 p.m.12 views

Uncaught Exception

Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Uncaught Exception through the parsing of multipart/form-data requests containing field names that collide with inherited Object.prototype properties. A...

8.7CVSS5.8AI score0.00473EPSS
Exploits1References2
OSV
OSV
added 2026/05/18 5:35 p.m.8 views

GHSA-QXCH-WHHJ-8956 multiparty: Denial of Service via Prototype Pollution leads to Uncaught Exception

Impact [email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property e.g., proto, constructor, toString, the parser invokes .push on the inherited...

7.5CVSS5.8AI score0.00473EPSS
Exploits1References5
Snyk
Snyk
added 2026/05/18 5:35 p.m.13 views

Uncaught Exception

Overview multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Uncaught Exception through the parsing of multipart/form-data requests containing field names that collide with inherited Object.prototype properties. An attacker can...

8.7CVSS5.8AI score0.00473EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/18 4:43 p.m.15 views

Prototype Pollution

Overview parse-nested-form-data is an A tiny node module for parsing FormData by name into objects and arrays Affected versions of this package are vulnerable to Prototype Pollution via the parseFormData process. An attacker can modify the prototype of all plain objects in the running process by...

8.8CVSS6.3AI score0.00315EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/18 4:43 p.m.10 views

NPM: parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names

NPM: parse-nested-form-data has Prototype Pollution via proto in FormData field names vulnerability discovered by ? in WordPress Npm parse-nested-form-data versions = 1.0.0...

8.2CVSS5.8AI score0.00315EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/18 4:43 p.m.13 views

parse-nested-form-data has Prototype Pollution via `__proto__` in FormData field names

Summary parseFormData walks bracket and dot-notation FormData field names into nested objects without filtering reserved property keys. A single FormData field whose name begins with proto, or contains .proto. mid-path, causes the parser to traverse onto Object.prototype and assign properties...

8.2CVSS5.9AI score0.00315EPSS
Exploits0References5Affected Software1
GithubExploit
GithubExploit
added 2026/05/18 4:21 p.m.71 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell Analysis Report Sections require...

10CVSS7.8AI score0.99562EPSS
Exploits373
Patchstack
Patchstack
added 2026/05/18 1:28 p.m.8 views

NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys

NPM: form-data-objectizer: Prototype pollution in form-data-objectizer via bracket-notation form keys vulnerability discovered by ? in WordPress Npm form-data-objectizer versions = 1.0.0...

8.2CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder