CVE-2026-44483

RVF formerly Remix Validated Form provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking ...

Access of Resource Using Incompatible Type ('Type Confusion')

Overview @builder.io/qwik-city is a The meta-framework for Qwik. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' in the FormData function when handling application/x-www-form-urlencoded or multipart/form-data requests. An attacker ca...

Linux Distros Unpatched Vulnerability : CVE-2018-19789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1...

WordPress Radio Station Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress Radio Station, which stems from the application not properly handling user-submitted form data, and no detail...

FastChat Denial of Service vulnerability

A Denial of Service DoS vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

CVE-2024-12864

A Denial of Service DoS vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large...

CVE-2024-12070

A Denial of Service DoS vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 LLaVA-1.6. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large...

LLaVA 安全漏洞

LLaVA is an application by the individual developer Haotian Liu. A security vulnerability exists in LLaVA v1.2.0, which stems from improper handling of form-data in a file upload request and could lead to a denial of service attack...

5: multiple stored XSS vulnerabilities

Multiple cross-site scripting XSS flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users...