1501 matches found

CNNVD
added 2025/07/18 12:0 a.m., 1 view

form-data security vulnerability

Form-Data is a FormData open source module for creating readable form data streams. It can be used for form submissions and file uploads to other web applications. A security vulnerability exists in form-data versions prior to 2.5.4, 3.0.0 through 3.0.3, and 4.0.0 through 4.0.3, which stems from ...

9.4 CVSS, 5.6 AI score, 0.01613 EPSS
Exploits 1, References 2

Positive Technologies
added 2025/07/18 12:0 a.m., 4 views

PT-2025-30061

Name of the Vulnerable Software and Affected Versions: form-data versions 2.5.4; form-data versions 3.0.0 through 3.0.3; form-data versions 4.0.0 through 4.0.3. Description: A vulnerability exists in the form-data JavaScript library due to the use of insufficiently random values when generating bounda...

9.4 CVSS, 6.6 AI score, 0.01613 EPSS
Exploits 1, References 46

BDU FSTEC
added 2025/07/11 12:0 a.m., 3 views

The vulnerability of the multipart/form-data component in the web framework and the asynchronous networking library Tornado, which allows a hacker to trigger a service failure

The vulnerability of the multipart/form-data component of the web framework and the asynchronous networking library Tornado is related to the use of incorrect authentication tokens due to unlimited resource distribution. Exploiting this vulnerability can allow a malicious actor to cause service...

7.8 CVSS, 7.1 AI score, 0.00636 EPSS
Exploits 0, References 12, Affected Software 5

CNVD
added 2025/07/10 12:0 a.m., 4 views

WordPress Radio Station Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in WordPress Radio Station, which stems from the application not properly handling user-submitted form data, and no detail...

4.3 CVSS, 6.9 AI score, 0.00121 EPSS
Exploits 0, References 1

CVE
added 2025/07/02 2:3 a.m., 30 views

CVE-2025-5692

The CVE-2025-5692 entry concerns the WordPress plugin Lead Form Data Collection to CRM (versions up to and including 3.1). It states a missing capability check in multiple functions within LB_admin_ajax.php (notably doFieldAjaxAction), allowing authenticated users with Subscriber-level access and...

6.3 CVSS, 6.9 AI score, 0.00207 EPSS
Exploits 0, References 4, Affected Software 1

CNNVD
added 2025/07/02 12:0 a.m., 2 views

WordPress plugin Lead Form Data Collection to CRM security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lead Form Data Collection to CRM plugin, which stems from a missing capability check in the function...

6.3 CVSS, 6.8 AI score, 0.00207 EPSS
Exploits 0, References 5

Positive Technologies
added 2025/07/02 12:0 a.m., 2 views

PT-2025-27582 · WordPress · Lead Form Data Collection To Crm

Name of the Vulnerable Software and Affected Versions: Lead Form Data Collection to CRM plugin for WordPress versions up to, and including, 3.1 Description: The issue allows unauthorized modification of data, leading to privilege escalation due to a missing capability check on the doFieldAjaxActi...

8.8 CVSS, 7 AI score, 0.00207 EPSS
Exploits 0, References 9

IBM Security Bulletins
added 2025/06/27 5:34 a.m., 8 views

Security Bulletin: Werkzeug < 3.0.6 - Multipart Form Data Parsing Resource Exhaustion Vulnerability

Summary: Werkzeug is a Web Server Gateway Interface web application library. Applications using werkzeug.formparser.MultiPartParser corresponding to a version of Werkzeug prior to 3.0.6 to parse multipart/form-data requests e.g. all flask applications are vulnerable to a relatively simple but...

7 AI score
Exploits 0, Affected Software 1

RedHat Linux
added 2025/06/26 12:12 p.m., 3 views

python-werkzeug: high resource usage when parsing multipart form data with many fields

A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...

7.5 CVSS, 7 AI score, 0.0142 EPSS
Exploits 0, References 7

SUSE Linux
added 2025/06/24 8:54 a.m., 6 views

Security update for python-tornado6

This update for python-tornado6 fixes the following issues: CVE-2024-52804: Fixed excessive CPU consumption by the algorithm used for parsing HTTP cookies bsc1233668 CVE-2025-47287: Fixed denial-of-service via generation of an extremely high volume of logs due to multipart/form-data parser...

8.7 CVSS, 7.2 AI score, 0.01051 EPSS
Exploits 0, References 8

OSV
added 2025/06/23 1:44 p.m., 4 views

SUSE-SU-2025:20430-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues: - CVE-2025-47287: Fixed denial of service via generation of an extremely high volume of logs due to multipart/form-data parser bsc1243268...

7.5 CVSS, 6.6 AI score, 0.00636 EPSS
Exploits 0, References 3

Packet Storm News
added 2025/06/20 12:0 a.m., 7 views

Tracker Installations Are Not Created Equal: Understanding Tracker Configuration of Form Data Collection

Targeted advertising is fueled by the comprehensive tracking of users' online activity. As a result, advertising companies, such as Google and Meta, encourage website administrators to not only install tracking scripts on their websites but configure them to automatically collect users' Personall...

6.8 AI score
Exploits 0

Ubuntu
added 2025/06/13 5:0 a.m., 5 views

USN-7567-1: ModSecurity vulnerabilities

Simon Studer discovered that ModSecurity incorrectly handled certain JSON objects. An attacker could possibly use this issue to cause a denial of service. CVE-2025-47947 It was discovered that ModSecurity incorrectly handled requests when parsing certain form data. An attacker could possibly use...

7.5 CVSS, 7.8 AI score, 0.0076 EPSS
Exploits 2

OSV
added 2025/06/13 5:0 a.m., 2 views

USN-7567-1 modsecurity-apache vulnerabilities

Simon Studer discovered that ModSecurity incorrectly handled certain JSON objects. An attacker could possibly use this issue to cause a denial of service. CVE-2025-47947 It was discovered that ModSecurity incorrectly handled requests when parsing certain form data. An attacker could possibly use...

7.5 CVSS, 7.3 AI score, 0.0076 EPSS
Exploits 2, References 3

RedhatCVE
added 2025/06/12 4:10 p.m., 6 views

CVE-2025-48879

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...

6.5 CVSS, 6.3 AI score, 0.00223 EPSS
Exploits 0, References 1

Amazon
added 2025/06/12 12:0 a.m., 4 views

Medium: python-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume ...

7.5 CVSS, 7.2 AI score, 0.00636 EPSS
Exploits 0

Amazon
added 2025/06/12 12:0 a.m., 3 views

Medium: python3-tornado

Issue Overview: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume ...

7.5 CVSS, 6.9 AI score, 0.00636 EPSS
Exploits 0

Tenable Nessus
added 2025/06/12 12:0 a.m., 9 views

Amazon Linux 2 : python3-tornado (ALAS-2025-2889)

The version of python3-tornado installed on the remote host is prior to 5.0.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2889 advisory. Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounter...

7.5 CVSS, 6.9 AI score, 0.00636 EPSS
Exploits 0, References 4

Veracode
added 2025/06/11 8:43 a.m., 7 views

Denial Of Service (DoS)

octoprint is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of malformed multipart/form-data requests due to an endless loop triggered by a missing end boundary, which causes the single-threaded Tornado web server to become unresponsive...

6.5 CVSS, 7 AI score, 0.00223 EPSS
Exploits 0, References 4, Affected Software 1

NVD
added 2025/06/10 4:15 p.m., 10 views

CVE-2025-48879

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated broken multipart/form-data request to OctoPrint and through that make the web server component become unresponsive. The issue can be triggered by a broken...

6.5 CVSS, 0.00223 EPSS
Exploits 0, References 2