518 matches found
WordPress SureForms plugin <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id' vulnerability
Unauthenticated Payment Amount Validation Bypass via 'formid' vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin SureForms versions = 2.5.2...
CVE-2026-4987
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
CVE-2026-4987 SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...
PT-2026-28706
Name of the Vulnerable Software and Affected Versions SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress versions up to and including 2.5.2 Description The SureForms plugin is susceptible to a Payment Amount Bypass issue. This occurs because the create payment...
Session Fixation
Overview Affected versions of this package are vulnerable to Session Fixation in the authentication process when callbackmode is set to direct. An attacker can gain unauthorized access to a victim's session by initiating an authentication request and tricking the victim into visiting a crafted UR...
GHSA-7Q7G-X6VG-XPC3 OpenBao lacks user confirmation for OIDC direct callback mode
Impact OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishing" by having the victim visit the URL and automatically log-in to the session of the...
CVE-2026-33438
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service DoS vulnerability in the Stirling-PDF watermark functionality /api/v1/security/add-watermark endpoint. The vulnerabilit...
CVE-2026-33438
Stirling-PDF is affected by a Denial of Service (DoS) vulnerability in the watermark endpoint. Affected versions are 2.1.5 through 2.5.1 (prior to 2.5.2). An authenticated user can trigger resource exhaustion and server crashes by sending extreme values for fontSize and widthSpacer to /api/v1/sec...
CVE-2025-69768
SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...
PT-2026-28483
Name of the Vulnerable Software and Affected Versions Stirling-PDF versions 2.1.5 through 2.5.1 Description Stirling-PDF is a locally hosted web application for PDF file operations. An authenticated user can trigger a Denial of Service DoS condition by submitting extreme values for the fontSize a...
CVE-2026-27625
Stirling-PDF (local web app) is affected in all versions prior to 2.5.2. The vulnerability resides in the /api/v1/convert/markdown/pdf endpoint, where user-supplied ZIP entries are extracted without path checks, enabling path traversal and arbitrary file write by any authenticated user (stirlingp...
Stirling-PDF 安全漏洞
Stirling-PDF is a powerful, locally hosted web-based PDF manipulation tool developed by Stirling Tools and open source using Docker. Versions of Stirling-PDF prior to 2.5.2 contained a security vulnerability due to the lack of path checking in the/api/v1/convert/markdown/pdf endpoint, which could...
EUVD-2025-208757
SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component...
CVE-2025-69401
Authentication Bypass by Spoofing vulnerability in mdalabar WooODT Lite byconsole-woo-order-delivery-time allows Identity Spoofing.This issue affects WooODT Lite: from n/a through = 2.5.2...
PT-2026-21182
Name of the Vulnerable Software and Affected Versions WooODT Lite versions through 2.5.2 Description An authentication bypass by spoofing issue exists in WooODT Lite, potentially allowing identity spoofing. The issue impacts the application’s authentication mechanism, enabling unauthorized access...
WordPress plugin WooODT Lite 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
CVE-2025-36511
Incorrect default permissions for some IntelR Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This...
n8n Node.js Package < 1.123.17 / 2.x < 2.5.2 Expression Escape Leading to RCE (CVE-2026-25049)
The version of the n8n Node.js Package installed on the remote host is prior to 1.123.17, or 2.x prior to 2.5.2. It is, therefore, affected by a remote code execution vulnerability: - An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow...
PT-2026-7315
Name of the Vulnerable Software and Affected Versions IntelR Memory and Storage Tool versions prior to 2.5.2 Description The IntelR Memory and Storage Tool, in versions before 2.5.2, has default permissions that may allow a local escalation of privilege. An authenticated user with a high complexi...
n8n Has Expression Escape Vulnerability Leading to RCE
Impact Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613. An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on th...