523 matches found
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
PT-2026-48069
Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...
PT-2026-48050
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-52778
YesWiki (PHP-based wiki) exposes a vulnerability in the Bazar form field calculator (CalcField.php) present before version 4.6.6. The code attempts to sanitize user-defined mathematical formulas using a complex recursive regex prior to passing them to PHP eval(), creating a surface for Regular Ex...
PT-2026-47441
Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An unsafe execution issue exists in the Bazar form field calculator CalcField.php. The application uses a complex recursive regular expression to sanitize user-defined mathematical formulas before th...
CVE-2026-46510
form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...
CVE-2026-46510 Prototype pollution in form-data-objectizer via bracket-notation form keys
form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...
Exploit for CVE-2026-4885
CVE-2026-4885 Piotnet Addons for Elementor Pro Note: The...
Astra Linux – Vulnerability in Python-Django
A issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. A lack of enforcement of an upper-bound limit on strings passed during IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions cleanipv6address and...
CVE-2026-4883 Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...
CVE-2026-4885
The affected product is the Piotnet Addons for Elementor Pro plugin for WordPress. A vulnerability exists in the pafe_ajax_form_builder function across all versions up to and including 7.1.70 due to missing file type validation and an incomplete extension blacklist that blocks only a limited set ...
OESA-2026-2193 python-aiohttp security update
Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...
CVE-2026-5941
CVE-2026-5941 affects Foxit PDF Editor/Reader, specifically the AcroForm Signature processing. The issue is a parsing logic flaw where non-signature data can be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes...
CVE-2026-3642
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...
CVE-2026-3642 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...
CVE-2026-3642
CVE-2026-3642 concerns the WordPress plugin e-shot form builder. It affects all versions up to and including 1.0.2, where the AJAX handler eshot_form_builder_update_field_data() lacks capability checks (current_user_can()) and nonce verification (check_ajax_referer()/wp_verify_nonce()). Registere...
CVE-2026-3642
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...
PT-2026-33019
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshot form builder update field data AJAX handler lacks any capability checks current user can or nonce verification check ajax referer/wp verify nonce. The function...
CVE-2026-27288
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of thi...
CVE-2026-35404
Open edX Platform enables the authoring and delivery of online learning at any scale. The viewsurvey endpoint accepts a redirecturl GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...