32016 matches found
Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. id: CVE-2024-6517 info: name: Contact Form 7 Math Captcha =...
WordPress Contact Form 7 Captcha <0.1.2 - Cross-Site Scripting
WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute. id: CVE-2022-2187 info: name: WordPress Contact Form 7 Captcha 0.1.2 - Cross-Site Scripting...
ROS-20260626-73-0028
The vulnerability in ImageMagick 7 is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
PT-2026-52582
Unauthenticated Broken Access Control in Paymob for WooCommerce = 4.1.2 versions...
EUVD-2026-38262
A Missing Authorization vulnerability in a GraphQL private API operation of the Google App Engine section of the Cloud Console allows an unauthenticated remote attacker to leak sensitive App Engine request logs from other projects using a specially crafted request. This vulnerability was patched ...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability
Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions = 1.5.1...
Oracle Linux 7 : firefox (ELSA-2026-19704)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-19704 advisory. - Update to 140.10.0 ESR Orabug: 39499844CVE-2026-6746CVE-2026-6747 CVE-2026-6748CVE-2026-6749CVE-2026-6750CVE-2026-6751CVE-2026-6752...
CVE-2026-49105 WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...
CVE-2026-49104
CVE-2026-49104 affects the WordPress plugin “Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms” (versions
NPM: protobufjs : Schema-derived names can shadow runtime-significant properties
NPM: protobufjs : Schema-derived names can shadow runtime-significant properties vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.6.2...
Oracle Linux 7 : gstreamer-plugins-base / and / gstreamer-plugins-good (ELSA-2026-7850)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7850 advisory. - Security update CVE-2026-2921 Orabug: 39201593 gstreamer-plugins-good Tenable has extracted the preceding description block directly from the Oracle...
PT-2026-49508
Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...
pac-exploits-priv
CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation Vulne...
MAL-2026-5353 Malicious code in crypto-utils-7 (npm)
Crypto/SSH/wallet stealer, blockchain-helper-0/web3-tools-9 campaign sibling c960/c961. postinstall scripts/postinstall.js auto-execs, src/index.js harvests /.ssh/idrsa+wallet keys/seeds+env, self-labels "CRYPTO STEALER", exfils to IDENTICAL Telegram bot 8227918239 chat 6433587894 not rotated...
CVE-2026-11465
CVE-2026-11465 affects songquanpeng’s one-api (up to 0.6.11-preview.7). The issue is in the Redemption Code Top-Up Endpoint, specifically the function Redeem in file model/redemption.go, where manipulation leads to business logic errors. Reported as exploitable remotely with high complexity and l...
One API 安全漏洞
One API is an LLM API management and distribution system developed by JustSong’s developers. Versions of One API prior to 0.6.11-preview.7 contained a security vulnerability. This vulnerability stemmed from a function issue in the Redemption Code Top-Up Endpoint component’s model/redemption.go...
WordPress Drag and Drop Multiple File Upload for Contact Form 7 plugin <= 1.3.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Bao Luu Gia Nguyen in WordPress Plugin Drag and Drop Multiple File Upload – Contact Form 7 versions = 1.3.9.7...
CVE-2026-4873 affecting package curl for versions less than 8.11.1-7
CVE-2026-4873 affecting package curl for versions less than 8.11.1-7. A patched version of the package is available...
CVE-2026-7168 affecting package curl for versions less than 8.11.1-7
CVE-2026-7168 affecting package curl for versions less than 8.11.1-7. A patched version of the package is available...
CVE-2026-36180
A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...