A vulnerability in Adobe Experience Manager (AEM) Forms on JEE, the corporate platform for creating, managing, and processing electronic forms, documents, and business processes, stems from improper restriction of XML external entity (XXE) references. This allows attackers to read arbitrary files.
A vulnerability in Adobe Experience Manager (AEM) Forms on JEE, the corporate platform for creating, managing, and processing electronic forms, documents, and business processes, is related to improper restriction of XML external entity (XXE) references. Exploiting this vulnerability could...
CVE-2025-51533
An Insecure Direct Object Reference (IDOR) in Sage DPW v202412004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request...
Exploit for CVE-2025-54253
APSB25-82 : Security update available for Adobe Experience Manager Forms
Adobe has released a security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE). This update addresses critical vulnerabilities that could lead to arbitrary code execution and arbitrary file system read...
Exploit for Missing Authorization in Fluentforms Contact_Form
CVE-2024-2771-PoC CVE-2024-2771 Proof-of-Concept The Contact...
WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Connector for Gravity Forms and Google Sheets versions <= 1.2.4...
WordPress Connector for Gravity Forms and Google Sheets Plugin plugin <= 1.2.4 - Open Redirection Vulnerability
Open Redirection Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Connector for Gravity Forms and Google Sheets versions <= 1.2.4...
Security update for python-starlette
This update for python-starlette fixes the following issues: CVE-2025-54121: Correctly parse multi-part form with large files to avoid DoS (bsc#1246855). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
SUSE-SU-2025:02544-1 Security update for python-starlette
This update for python-starlette fixes the following issues: - CVE-2025-54121: Correctly parse multi-part form with large files to avoid DoS (bsc#1246855)...
SUSE CVE-2025-54121
Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size), starlette will block the main thread t...
WordPress Simple Contact Forms plugin <= 1.6.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Simple Contact Forms versions <= 1.6.4...
DEBIAN-CVE-2025-54121
Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size), starlette will block the main thread t...
UBUNTU-CVE-2025-54121
Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form with large files (greater than the default max spool size), starlette will block the main thread t...
Starlette has possible denial-of-service vector when parsing large files in multipart forms
Summary When parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread to roll the file over to disk. This blocks the event thread which means we can't accept new connections. Details Please see this discussion for details:...
GHSA-2C2J-9GV5-CJ73 Starlette has possible denial-of-service vector when parsing large files in multipart forms
Summary When parsing a multi-part form with large files greater than the default max spool size starlette will block the main thread to roll the file over to disk. This blocks the event thread which means we can't accept new connections. Details Please see this discussion for details:...
A vulnerability in Adobe Experience Manager (AEM) Forms on JEE, the corporate platform for creating, managing, and processing electronic forms, documents, and business processes, lies in flaws in its deserialization mechanism, allowing attackers to execute arbitrary code.
A vulnerability in Adobe Experience Manager (AEM) Forms on JEE, the corporate platform for creating, managing, and processing electronic forms, documents, and business processes, is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a maliciou...
Embedded Malicious Package
Overview @toptal/picasso-forms is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
Malicious code in @toptal/picasso-forms (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6048 Malicious code in @toptal/picasso-forms (npm)
The package communicates with a domain associated with malicious activity...
CVE-2025-49485
A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter...