
1498 matches found

IBM Security Bulletins
added 2025/09/17 5:29 p.m. | 7 views

Security Bulletin: Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution (HPP)

Summary Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/formdata.Js. Vulnerability Details CVEID:CVE-2025-25724 DESCRIPTION: listitemverbose in...

CVSS 7.8 | AI score 7.1 | EPSS 0.00329
Exploits: 1 | Affected Software: 1
Veracode
added 2025/09/17 5:42 a.m. | 8 views

XML External Entity Injection (XXE)

org.apache.tika, tika-parser-pdf-module is vulnerable to XML External Entity (XXE) injection. The vulnerability is due to improper handling of crafted XFA files inside PDFs, which allows an attacker to read sensitive data or trigger malicious requests to internal or third-party servers...

CVSS 9.8 | AI score 7 | EPSS 0.02962
Exploits: 4 | References: 11 | Affected Software: 2
IBM Security Bulletins
added 2025/09/16 7:29 p.m. | 8 views

Security Bulletin: IBM Rational Developer for i is affected by an HTTP Parameter Pollution vulnerability in form-data (CVE-2025-7783)

Summary Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP) in the Code Coverage functionality within IBM Rational Developer for i. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...

CVSS 9.4 | AI score 6.7 | EPSS 0.01613
Exploits: 1 | Affected Software: 1
OSV
added 2025/09/12 2:26 p.m. | 5 views

OESA-2025-2276 nodejs-form-data security update

A module to create readable "multipart/form-data" streams. Can be used to submit forms and file uploads to other web applications. Security Fixes: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program file...

CVSS 9.4 | AI score 7 | EPSS 0.01613
Exploits: 1 | References: 2
IBM Security Bulletins
added 2025/09/11 6:16 p.m. | 5 views

Security Bulletin: IBM Fusion and IBM Fusion HCI are vulnerable to the Use of Insufficiently Random Values due to form_data.Js (CVE-2025-7783)

Summary The Data Cataloging Service in IBM Fusion and IBM Fusion HCI uses the formdata.js package which is vulnerable to the use of insufficiently random values which allows an attacker to deduce the state of the pseudo-random number generator in formdata and to craft payloads that include...

CVSS 9.4 | AI score 6.7 | EPSS 0.01613
Exploits: 1 | Affected Software: 3
Microsoft CVE
added 2025/09/04 4:2 a.m. | 3 views

Usage of unsafe random function in form-data for choosing boundary

...

CVSS 9.4 | AI score 7 | EPSS 0.01613
Exploits: 1
IBM Security Bulletins
added 2025/09/03 8:10 a.m. | 3 views

Security Bulletin: A vulnerability in form-data may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-7783)

Summary There is a vulnerability in form-data used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerabili...

CVSS 9.4 | AI score 4.8 | EPSS 0.01613
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2025/09/03 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2013-2081

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which...

CVSS 4.3 | AI score 5.5 | EPSS 0.01556
Exploits: 0 | References: 2
Tenable Nessus
added 2025/09/03 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2013-2083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle...

CVSS 5 | AI score 5.5 | EPSS 0.01541
Exploits: 0 | References: 2
IBM Security Bulletins
added 2025/09/02 5:11 a.m. | 10 views

Security Bulletin: Insufficiently Random Values in form-data (lib/form_data.js) Leads to HTTP Parameter Pollution (HPP) – Affects versions <2.5.4, 3.0.0–3.0.3, and 4.0.0–4.0.3

Summary Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION...

CVSS 9.4 | AI score 5.1 | EPSS 0.01613
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2025/08/30 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-16789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, a...

CVSS 7.8 | AI score 7.2 | EPSS 0.05986
Exploits: 3 | References: 2
RedHat Linux
added 2025/08/28 3:21 p.m. | 5 views

Moderate: Red Hat Security Advisory: Kiali 2.4.8 for Red Hat OpenShift Service Mesh 3.0

Kiali 2.4.8 for Red Hat OpenShift Service Mesh 3.0 This update has a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Kiali 2.4.8, for Red H...

CVSS 9.4 | AI score 6.8 | EPSS 0.01613
Exploits: 1 | References: 3
IBM Security Bulletins
added 2025/08/28 3:11 p.m. | 4 views

Security Bulletin: Db2 Bridge Release 1.1.1

Summary This issue affected users using Db2 Bridge 1.1.1, and a new fix pack was released to address the issue. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated...

CVSS 9.4 | AI score 4.9 | EPSS 0.01613
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/08/28 12:50 a.m. | 6 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficientl...

CVSS 9.4 | AI score 9.4 | EPSS 0.01613
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/08/28 12:44 a.m. | 10 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficientl...

CVSS 9.4 | AI score 9.4 | EPSS 0.01613
Exploits: 1 | Affected Software: 1
CVE
added 2025/08/27 9:24 p.m. | 14 views

CVE-2025-34163

Dongsheng Logistics Software is affected by CVE-2025-34163 due to an unauthenticated endpoint at /CommMng/Print/UploadMailFile that does not validate file types or enforce proper access control. A crafted multipart/form-data POST enables uploading arbitrary files, including executable scripts suc...

CVSS 10 | AI score 6.6 | EPSS 0.0061
In wild | Exploits: 0 | References: 3
IBM Security Bulletins
added 2025/08/25 4:4 p.m. | 7 views

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is...

CVSS 9.4 | AI score 7.1 | EPSS 0.01613
Exploits: 1 | Affected Software: 1
Veracode
added 2025/08/25 9:26 a.m. | 3 views

Denial Of Service (DoS)

github.com/gofiber/fiber is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation when parsing form data with excessively large numeric slice indexes, leading to integer overflow or memory exhaustion and application crash...

CVSS 8.7 | AI score 7.3 | EPSS 0.00331
Exploits: 0 | References: 4 | Affected Software: 1
Tenable Nessus
added 2025/08/24 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-19789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1...

CVSS 5.3 | AI score 6.6 | EPSS 0.03589
Exploits: 0 | References: 2
Positive Technologies
added 2025/08/20 12:0 a.m. | 10 views

PT-2025-34153

Name of the Vulnerable Software and Affected Versions Apache Tika versions 1.13 through 3.2.1 Apache Tika tika-core versions 1.13 through 3.2.1 Apache Tika tika-pdf-module versions 2.0.0 through 3.2.1 Apache Tika tika-parsers versions 1.13 through 1.28.5 Description A critical XML External Entity...

CVSS 10 | AI score 8.6 | EPSS 0.79807
Exploits: 6 | References: 61