MiracleLinux 7 : php-5.4.16-48.0.3.el7.AXS7 (AXSA:2024-9004:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9004:04 advisory. CVE-2024-8925: Fix data integrity violation while parsing multipart/form-data boundaries larger than the read buffer CVEs: CVE-2024-8925 In PHP versions 8.1...

CVE-2025-12825

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...

CVE-2025-12825

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...

CVE-2025-12825 User Registration Using Contact Form 7 <= 2.5 - Authenticated (Subscriber+) Information Exposure

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getcf7formdata' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form settings...

CVE-2025-12825

CVE-2025-12825 affects the WordPress plugin User Registration Using Contact Form 7. The issue is a missing capability check in get_cf7_form_data across all versions up to and including 2.5, enabling unauthorized data access (including Facebook app secrets) by unauthenticated users. Connected sour...

WordPress plugin: User Registration Using Contact Form security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-3347

The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get cf7 form data' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to retrieve form...

CVE-2026-22803

CVE-2026-22803 affects SvelteKit. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary format for submitted data, and a crafted payload can trigger unbounded memory allocation, causing a DoS via memory exhaustion. This is fixed in 2.49.5. Impact is memory exhaustion of the s...

USN-7960-1: Rack vulnerabilities

It was discovered that Rack incorrectly handled certain query parameters. An attacker could possibly use this issue to cause a limited denial of service. This issue was only addressed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2025-59830 It was discovered that Rack did not properly handle...

USN-7960-1 ruby-rack vulnerabilities

It was discovered that Rack incorrectly handled certain query parameters. An attacker could possibly use this issue to cause a limited denial of service. This issue was only addressed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2025-59830 It was discovered that Rack did not properly handle...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Vulnerability Detection and Exploitation Tool...

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.3 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 8.1 for Red Hat Enterprise Linux 8. A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A...

Improper Validation of Specified Type of Input

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input that is passed to the handleFormData function. An attacker can gain unauthorized access to files on the underlying server by requests with unexpected...

Improper Validation of Specified Type of Input

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input that is passed to the handleFormData function. An attacker can gain unauthorized access to files on the underlying server by requests with unexpected...

CVE-2019-7871

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection...

Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-873)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-873 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...

Security Bulletin: Vulnerability in form-data affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in form-data has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...