1502 matches found
tornado: Tornado Multipart Form-Data Denial of Service
A flaw was found in Tornado. This vulnerability can lead to a a denial of service by generating an extremely high volume of log entries...
tornado: Tornado Multipart Form-Data Denial of Service
A flaw was found in Tornado. This vulnerability can lead to a a denial of service by generating an extremely high volume of log entries...
tornado: Tornado Multipart Form-Data Denial of Service
A flaw was found in Tornado. This vulnerability can lead to a a denial of service by generating an extremely high volume of log entries...
Oracle Linux 9 : python-tornado (ELSA-2025-8136)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-8136 advisory. 6.4.2-2.2 - tests: add citest.fmf + update gating.yaml Related: RHEL-91999 6.4.2-2.1 - httputil: Raise errors instead of logging in multipart/form-data parsing...
CVE-2025-47690
Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through = 3.1...
OESA-2025-1555 python-tornado security update
Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the...
OESA-2025-1554 python-tornado security update
Tornado is an open source version of the scalable, non-blocking web server and tools. Security Fixes: Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the...
CVE-2025-47690
Missing Authorization vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Privilege Escalation.This issue affects Lead Form Data Collection to CRM: from n/a through = 3.1...
CVE-2025-47690
The CVE-2025-47690 entry concerns the WordPress plugin Lead Form Data Collection to CRM. A missing authorization check in the plugin’s AJAX handling (LB_admin_ajax.php) affects all versions up to 3.1, enabling authenticated users with Subscriber-level access and above to perform privileged action...
SUSE-SU-2025:01649-2 Security update for python-tornado6
This update for python-tornado6 fixes the following issues: - CVE-2025-47287: excessive logging when parsing malformed multipart/form-data can lead to a denial-of-service bsc1243268...
CVE-2024-38873
An issue was discovered in the friendlycaptchaofficial aka Integration of Friendly Captcha extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the captcha...
CVE-2024-9926
The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form...
CVE-2023-0694
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf' shortcode in versions up to, and including, 3.3.1. This allows authenticated attackers, with subscriber-level capabilities or above to obtain sensitive information about any standard form...
WordPress plugin Lead Form Data Collection to CRM 安全漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in...
Python Library Tornado 6.5.0 DoS
The detected version of the Tornado Python package, Tornado, is prior to 6.4.2. It is therefore affected by a DoS vulnerability that happens When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows...
CVE-2021-24916
The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubelysendformdata AJAX action...
CVE-2020-9458
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users with minimal privileges to export submitted form data and settings via classrmformcontroller.php rmformexport...
Security update for python-tornado6
This update for python-tornado6 fixes the following issues: CVE-2025-47287: excessive logging when parsing malformed multipart/form-data can lead to a denial-of-service bsc1243268. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...
CVE-2017-15203
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user...
CVE-2017-15204
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user...