CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

254 matches found

IBM Security Bulletins•added 2025/09/03 8:10 a.m.•2 views

Security Bulletin: A vulnerability in form-data may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-7783)

Summary There is a vulnerability in form-data used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerabili...

9.4CVSS4.8AI score0.01319EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2025/09/02 5:11 a.m.•8 views

Security Bulletin: Insufficiently Random Values in form-data (lib/form_data.js) Leads to HTTP Parameter Pollution (HPP) – Affects versions <2.5.4, 3.0.0–3.0.3, and 4.0.0–4.0.3

Summary Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION...

9.4CVSS5.1AI score0.01319EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2025/08/28 3:11 p.m.•3 views

Security Bulletin: Db2 Bridge Release 1.1.1

Summary This issue Affected users using Db2 Bridge 1.1.1 and new Fix pack was release to address the issue. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated...

9.4CVSS4.9AI score0.01319EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2025/08/28 12:50 a.m.•5 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficientl...

9.4CVSS9.4AI score0.01319EPSS

Exploits1Affected Software1

Tenable Nessus•added 2025/08/08 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-7783

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files...

9.4CVSS6.4AI score0.01319EPSS

Exploits1References3

Debian•added 2025/07/31 11:30 p.m.•5 views

[SECURITY] [DLA 4261-1] node-form-data security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4261-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb July 31, 2025 https://wiki.debian.org/LTS -...

9.4CVSS5.8AI score0.01319EPSS

Exploits1

Tenable Nessus•added 2025/07/31 12:0 a.m.•1 views

Debian dla-4261 : node-form-data - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4261 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4261-1 [email protected] https://www.debian.org/lts/security/...

9.4CVSS6.7AI score0.01319EPSS

Exploits1References4

Veracode•added 2025/07/24 5:27 a.m.•3 views

HTTP Parameter Pollution

form-data is vulnerable to HTTP Parameter Pollution HPP. The vulnerability is due to the use of weak randomness in generating boundary values in lib/formdata.js, which allows an attacker to perform HTTP Parameter Pollution HPP by manipulating form data...

9.4CVSS5.9AI score0.01319EPSS

Exploits1References7Affected Software1

OSV•added 2025/07/23 4:49 p.m.•9 views

GHSA-RM8P-CX58-HCVX Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data

Withdrawn Advisory This advisory has been withdrawn because users of Axios 1.10.0 have the flexibility to use a patched version of form-data, the software in which the vulnerability originates, without upgrading Axios to address GHSA-fjxv-7rqg-78g4. Original Description A critical vulnerability...

7.5CVSS6.2AI score0.01319EPSS

Exploits1References8

Github Security Blog•added 2025/07/23 4:49 p.m.•24 views

Withdrawn Advisory: Axios has Transitive Critical Vulnerability via form-data

6.2AI score

Exploits0References8Affected Software1

Positive Technologies•added 2025/07/23 12:0 a.m.•0 views

PT-2025-30624

Name of the Vulnerable Software and Affected Versions: Axios version 1.10.0 Description: A flaw in the form-data package, used by Axios, allows attackers to predict multipart boundaries, potentially leading to HTTP parameter pollution and injection. Recommendations: Update to version 1.11.0...

6.4AI score

Exploits0References6

SUSE CVE•added 2025/07/21 11:25 p.m.•2 views

SUSE CVE-2025-7783

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

6.5CVSS7AI score0.01319EPSS

Exploits1References4

OSV•added 2025/07/18 5:15 p.m.•0 views

AZL-65606 CVE-2025-7783 affecting package js-jquery 3.5.0-4

9.4CVSS6.7AI score0.01319EPSS

Exploits1References1