RLSA-2025:8135 Important: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVE-2025-10735

The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmitFormData. This makes it possible for unauthenticated attackers to make web requests to arbitrary location...

CVE-2025-10735 Block For Mailchimp – Easy Mailchimp Form Integration <= 1.1.12 - Unauthenticated Blind Server-Side Request Forgery

The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via the mcbSubmitFormData. This makes it possible for unauthenticated attackers to make web requests to arbitrary location...

PT-2025-40059

Name of the Vulnerable Software and Affected Versions The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress versions up to and including 1.1.12 Description The software is susceptible to a Blind Server-Side Request Forgery issue. This allows unauthenticated attackers to...

Linux Distros Unpatched Vulnerability : CVE-2025-9648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a...

AZL-68085 CVE-2025-9648 affecting package ceph for versions less than 16.2.10-10

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

AZL-68073 CVE-2025-9648 affecting package ceph for versions less than 18.2.2-11

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVE-2025-9648 Denial of Service in CivetWeb

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

Security Bulletin: IBM Event Endpoint Management is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783)

Summary Operator of IBM Event Endpoint Management is vulnerable to an HTTP Parameter Pollution HPP attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event...

Security Bulletin: IBM Event Processing is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783).

Summary IBM Event Processing is vulnerable to an HTTP Parameter Pollution HPP attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event listeners tied to form...

Security Bulletin:IBM Event Streams is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783).

Summary IBM Event Streams is vulnerable to an HTTP Parameter Pollution HPP attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event listeners tied to form...

Security Bulletin: Vulnerabilities in Apache Tomcat and form-data might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat and form-data. Vulnerabilities include a memory leak which result in a denial of service, possible for a specially crafted request to bypass some rewrite rules which could be bypassed security...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to HTTP parameter pollution [CVE-2025-7783]

Summary Node.js module form-data is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to HTTP parameter pollution. This bulletin provides patch information to address the reported vulnerability in Node.js module form-dat...

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to form-data-4.0.3.tgz CVE-2025-7783

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to form-data-4.0.3.tgz CVE-2025-7783. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in...

Security Bulletin: IBM Watsonx BI is affected by use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP).

Summary Watsonx BI use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2025.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF006, 24.0.1-IF004 and 25.0.0-IF001. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random...

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...

Security update for wireshark

This update for wireshark fixes the following issues: Update to version 4.2.13. Security issues fixed: CVE-2025-9817: SSH dissector crash due to NULL pointer dereference when processing malformed packet traces bsc1249090. Other issues fixed: Bug in UDS dissector with Service...

PT-2025-39066

Name of the Vulnerable Software and Affected Versions MagicProject AI version 9.1 Description MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS issue within the chatbot generation feature accessible to authenticated admin users. The issue is located in the prompt parameter...

Security Bulletin: Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution (HPP)

Summary Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. Vulnerability Details CVEID:CVE-2025-25724 DESCRIPTION: listitemverbose in...