Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2025-7783 DESCRIPTION: Use of Insufficiently...
EUVD-2023-60247
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with...
CVE-2023-53962
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated directory traversal vulnerability that allows remote attackers to write arbitrary files through the 'upgfile' parameter in upload.cgi. Attackers can exploit the vulnerability by sending crafted multipart form-data POST requests with...
Cross-site Scripting (XSS)
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the GetFieldValueForMail method in the BizFormMailSender class. An attacker can inject arbitrary HTML...
CVE-2025-68130
tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a prototype pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in form-data
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in form-data. Vulnerability Details CVEID: CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Insufficient Random Values (CVE-2025-7783)
Summary Due to the use of the form-data JavaScript library, IBM watsonx Orchestrate Developer Edition is vulnerable to predictable boundary values (CVE-2025-7783). Vulnerability Details CVEID: CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP...
CVE-2025-11924
The CVE-2025-11924 entry concerns Ninja Forms – The Contact Form Builder That Grows With You for WordPress (versions up to and including 3.13.2). Affected component: the ninja-forms-views REST endpoints. Root cause: insufficient authorization checks allow an unauthenticated attacker to read arbit...
CVE-2025-11924 Ninja Forms – The Contact Form Builder That Grows With You <= 3.13.2 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via Unscoped Bearer Token
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...
EUVD-2025-203882
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...
VulnCheck KEV: CVE-2025-11924
The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.13.2. This is due to the plugin not properly verifying that a user is authorized before the ninja-forms-views REST endpoints...
GHSA-43P4-M455-4F4J tRPC has possible prototype pollution in `experimental_nextAppDirCaller`
Note that this vulnerability is only present when using experimental_caller / experimental_nextAppDirCaller. Summary A Prototype Pollution vulnerability exists in @trpc/server's formDataToObject function, which is used by the Next.js App Router adapter. An attacker can pollute Object.prototype by...
Prototype Pollution
Overview @trpc/server is the tRPC server library. Affected versions of this package are vulnerable to Prototype Pollution via the formDataToObject function. An attacker can modify Object.prototype by submitting specially crafted FormData field names, which may result in authorization bypass,...
CVE-2025-68130
Summary: CVE-2025-68130 is a prototype pollution flaw in @trpc/server (formDataToObject) used by the Next.js App Router adapter when experimental_nextAppDirCaller is enabled. The root cause is that formDataToObject processes bracket/dot-notation keys without validating dangerous keys (e.g., proto...
Exploit for Deserialization of Untrusted Data in Facebook React
🔍 Next.js RCE Scanner - CVE-2025-55182 & CVE-2025-66478...
CVE-2025-67726 Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters
Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The _parseparam function in httputil.py is used to parse specific HTTP header values, such as thos...
CVE-2025-67726
Tornado (Python) vulnerability CVE-2025-67726 affects versions 6.5.2 and earlier, due to an inefficient _parseparam-based parsing of HTTP header parameters (e.g., Content-Disposition). The implementation repeatedly calls string.count() inside a nested loop while handling quoted semicolons, causin...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses form-data-4.0.0.tgz, form-data-4.0.1.tgz, form-data-4.0.3.tgz which are vulnerable to CVE-2025-7783.
Summary IBM Maximo Application Suite - Monitor Component uses form-data-4.0.0.tgz, form-data-4.0.1.tgz, form-data-4.0.3.tgz which are vulnerable to CVE-2025-7783. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID: CVE-2025-7783 DESCRIPTION: Use of...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 / CVE-2025-66478 Vulnerability Replay Environme...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell Scanner A comprehensive vulnera...