20 matches found
CVE-2026-7881
Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference (IDOR) in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express form submissions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3...
MINI-2PMQ-J8MP-RJ3C
Bulletin has no description...
CVE-2026-0633
MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor (WordPress)
GHSA-7JXJ-RPX7-PH2C Umbraco.Forms CDN may cache sensitive form uploads when processed by ImageSharp
Impact: Protected files uploaded through Umbraco Forms may be served to unauthenticated users when a CDN or caching layer is present and ImageSharp processes the request. ImageSharp sets aggressive cache headers by default, which can cause intermediary caches to store and serve files that should...
CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
EUVD-2026-0524
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...
EUVD-2025-205123
In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling. Destroying psi trigger in cgroup_file_release causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes ...
CVE-2025-53059
CVE-2025-53059 affects Oracle PeopleSoft: PeopleSoft Enterprise PeopleTools (OpenSearch Dashboards) with affected versions 8.60, 8.61, 8.62. The flaw enables a high-privileged attacker with network access via HTTP to compromise PeopleSoft PeopleTools and potentially obtain unauthorized access to ...
EUVD-2025-30244
Malicious code in bioql PyPI...
CVE-2024-13498
creationtimestamp | type | source
---|---|---
2025-03-12 05:41:09+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7287
2025-08-13 13:26:34+00:00 | seen | MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868

...
CVE-2025-26931
creationtimestamp | type | source
---|---|---
2025-02-25 15:23:08+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/5291
2025-08-22 14:52:23+00:00 | seen | MISP/24306fae-b16b-4478-9297-d2973cdb583c

...
GHSA-FXF5-C62C-5F69
creationtimestamp | type | source
---|---|---
2023-12-29 10:28:32+00:00 | seen | https://t.me/arpsyndicate/2234

...
PT-2005-4312 · Chipmunk · Chipmunk Directory Script
Name of the Vulnerable Software and Affected Versions: Chipmunk Directory script (affected versions not specified). Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the entryID parameter in the recommend.php file...
MS:2C79F4C1-CCAB-449B-93A7-32C80C056D2F
...
CVE-2025-48864
...
CVE-2025-34860
...
CVE-2025-34361
...
CVE-2025-34455
CVE-2025-34455 entry is rejected and not used for a vulnerability disclosure.
MS:5712F7F3-BECA-47E6-A776-81675F072352
...