CVE-2015-20116

Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users'...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: pcs (UTSA-2026-006185)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006185 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form- data parser encounters certain errors, it logs a warning but...

Denial Of Service (DoS)

Tornado is vulnerable to Denial of Service DoS. The vulnerability is due to synchronous parsing of multipart/form-data without limiting the number of parts, allowing attackers to send large requests with many parts that consume excessive CPU and block the main thread...

multipart vulnerable to ReDoS in `parse_options_header()`

Summary The parseoptionsheader function in multipart.py uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted HTTP or multipart segment headers. This can be abused for denial of service DoS attacks against web...

EUVD-2026-11323

Tornado is vulnerable to DoS due to too many multipart parts...

SUSE CVE-2026-31958

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...

Allocation of Resources Without Limits or Throttling

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during the parsing of multipart/form-data bodies containing an excessive...

PYSEC-2026-140

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...

CVE-2026-31958

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...

DEBIAN-CVE-2026-31958

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...

CVE-2026-31958 Tornado has a DoS due to too many multipart parts

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...

CVE-2026-31958

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...

CVE-2026-31958

Tornado (Python) before 6.5.5 is vulnerable in its multipart/form-data parsing: the only limit is max_body_size (default 100MB) and parsing occurs synchronously on the main thread, enabling denial-of-service via very large multipart bodies with many parts. The issue is fixed in 6.5.5. CVSS metric...

CVE-2026-31958 Tornado has a DoS due to too many multipart parts

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...

EUVD-2026-11085

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...

CVE-2026-1867

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...

CVE-2026-1867

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...

CVE-2026-1867 WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...

CVE-2026-1867 WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure

The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a URL parameter to regenerate a .json file based on demo data that it initially creates. If an administrator modifies the demo form and enables admin notifications in the Guest posting / Frontend...

GHSA-V8W9-8MX6-G223 Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })

Summary When using parseBody dot: true in HonoRequest, specially crafted form field names such as proto.x could create objects containing a proto property. If the parsed result is later merged into regular JavaScript objects using unsafe merge patterns, this may lead to prototype pollution in the...