189 matches found

Positive Technologies
added 2026/06/15 12:0 a.m. | 10 views

PT-2026-49570

Name of the Vulnerable Software and Affected Versions: Python-Multipart versions prior to 0.0.30. Description: The QuerystringParser treated the semicolon (;) as a field separator in application/x-www-form-urlencoded bodies, in addition to the ampersand (&). This deviates from the WHATWG URL standard,...

CVSS 3.7 | AI score 6.8
Exploits 0 | References 4

NVD
added 2026/05/27 12:17 p.m. | 9 views

CVE-2026-9689

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVSS 4.2 | EPSS 0.00213
Exploits 0 | References 2

Vulnrichment
added 2026/05/27 10:35 a.m. | 8 views

CVE-2026-9689 Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVSS 4.2 | AI score 5.8 | EPSS 0.00213
Exploits 0 | References 2

EUVD
added 2026/05/27 10:35 a.m. | 18 views

EUVD-2026-32212

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVSS 4.2 | AI score 5.8 | EPSS 0.00213
Exploits 0 | References 2

Cvelist
added 2026/05/27 10:35 a.m. | 36 views

CVE-2026-9689 Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVSS 4.2 | EPSS 0.00213
Exploits 0 | References 2

ATTACKERKB
added 2026/05/27 10:35 a.m. | 8 views

CVE-2026-9689

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVSS 4.2 | AI score 5.8 | EPSS 0.00213
Exploits 0 | References 3

CVE
added 2026/05/27 10:35 a.m. | 19 views

CVE-2026-9689

CVE-2026-9689 affects Keycloak, an open-source identity and access management solution. The issue lies in the OIDC redirect URI handling when a client accepts broad redirect URIs, enabling an attacker to craft a special web address that could cause the client to prefer attacker-controlled informa...

CVSS 4.2 | AI score 5.8 | EPSS 0.00213
Exploits 0 | References 2 | Affected Software 1

RedhatCVE
added 2026/05/27 10:33 a.m. | 5 views

CVE-2026-9689

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVSS 4.2 | AI score 5.8 | EPSS 0.00213
Exploits 0 | References 3

Positive Technologies
added 2026/05/27 12:0 a.m. | 10 views

PT-2026-43682

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A flaw in Keycloak, an open-source identity and access management solution, allows a remote attacker to manipulate the authentication process by crafting a special web address. This occurs...

CVSS 4.2 | AI score 5.5 | EPSS 0.00213
Exploits 0 | References 5

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in node-form-data

The use of insufficiently random values in form-data allows for HTTP Parameter Pollution (HPP). This vulnerability is associated with the program file lib/formdata.Js. This issue affects form-data versions: 2.5.4, 3.0.0 – 3.0.3, 4.0.0 – 4.0.3...

CVSS 9.4 | AI score 6.6 | EPSS 0.01613
Exploits 1 | References 1

IBM Security Bulletins
added 2026/04/17 1:4 p.m. | 3 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the form-data library

Summary: Due to use of the form-data library, DevOps Test Performance and Rational Performance Tester contain a potential HTTP Parameter Pollution (HPP) vulnerability (CVE-2025-7783). Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...

CVSS 9.4 | AI score 6.7 | EPSS 0.01613
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/04/08 2:10 p.m. | 10 views

Security Bulletin: Vulnerability in form-data might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary: IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by a vulnerability in form-data. Vulnerabilities include the use of insufficiently random values allowing HTTP Parameter Pollution (HPP). More details are described by the CVEs in the "Vulnerability Details" section...

CVSS 9.4 | AI score 6.4 | EPSS 0.01613
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/03/24 6:23 p.m. | 4 views

Security Bulletin: IBM Security QRadar Log Management AQL Plugin is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. IBM Security QRadar Log Management AQL Plugin has addressed the applicable CVEs in an update. Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of...

CVSS 9.4 | AI score 7.1 | EPSS 0.01613
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/03/24 2:18 p.m. | 7 views

Security Bulletin: IBM Datapower Operations Dashboard could allow HTTP Parameter Pollution CVE-2025-7783

Summary: form-data is used by the IBM Datapower Operations Dashboard for their streaming implementation. Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with...

CVSS 9.4 | AI score 7.1 | EPSS 0.01613
Exploits 1 | Affected Software 1

CNNVD
added 2026/03/04 12:0 a.m. | 2 views

2N Access Commander security vulnerability

2N Access Commander is an access control solution provided by 2N Corporation. Versions of 2N Access Commander prior to 3.4.1 contained security vulnerabilities. These vulnerabilities were due to log pollution, which allowed attackers who had been authenticated by administrators to include...

CVSS 7.2 | AI score 5.8 | EPSS 0.00286
Exploits 0 | References 2

IBM Security Bulletins
added 2026/02/25 4:42 a.m. | 10 views

Security Bulletin: IBM Automation Decision Services for Jan 2026- Multiple CVEs addressed

Summary: IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-7783...

CVSS 9.4 | AI score 6.5 | EPSS 0.01613
Exploits 2 | Affected Software 1

Tenable Nessus
added 2026/01/29 12:0 a.m. | 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: nodejs-form-data (UTSA-2026-005212)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005212 advisory. Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files...

CVSS 9.4 | AI score 5.9 | EPSS 0.01613
Exploits 1 | References 4

IBM Security Bulletins
added 2026/01/23 10:54 a.m. | 9 views

Security Bulletin: A vulnerability in form-data affect IBM® Db2® Big SQL.

Summary: A vulnerability in form-data affect IBM® Db2® Big SQL 8.2 on IBM Cloud Pak for Data 5.2 and earlier. Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated...

CVSS 9.4 | AI score 5.7 | EPSS 0.01613
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2026/01/06 6:4 a.m. | 8 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary: Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.2.2. Vulnerability Details: CVEID: CVE-2025-5889. DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as...

CVSS 9.4 | AI score 8.3 | EPSS 0.0183
Exploits 3 | Affected Software 1

IBM Security Bulletins
added 2025/12/17 9:58 a.m. | 6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Insufficient Random Values (CVE-2025-7783)

Summary: Due to the use of the form-data JavaScript library, IBM watsonx Orchestrate Developer Edition is vulnerable to predictable boundary values (CVE-2025-7783). Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP...

CVSS 9.4 | AI score 6.7 | EPSS 0.01613
Exploits 1 | Affected Software 1