Lucene search
K

523 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS5.1AI score0.00224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-48069

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager versions 6.5.24 and earlier Adobe Experience Manager versions LTS SP1 and earlier Adobe Experience Manager versions 2026.04 and earlier Description A stored Cross-Site Scripting XSS issue allows a low-privileged attack...

5.4CVSS5.5AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48050

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 6:24 p.m.32 views

CVE-2026-52778

YesWiki (PHP-based wiki) exposes a vulnerability in the Bazar form field calculator (CalcField.php) present before version 4.6.6. The code attempts to sanitize user-defined mathematical formulas using a complex recursive regex prior to passing them to PHP eval(), creating a surface for Regular Ex...

9.8CVSS6AI score0.00561EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47441

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.6 Description An unsafe execution issue exists in the Bazar form field calculator CalcField.php. The application uses a complex recursive regular expression to sanitize user-defined mathematical formulas before th...

9.8CVSS5.9AI score0.00561EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/05/29 1:40 p.m.10 views

CVE-2026-46510

form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...

8.2CVSS5.8AI score0.00282EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 1:40 p.m.9 views

CVE-2026-46510 Prototype pollution in form-data-objectizer via bracket-notation form keys

form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...

8.2CVSS5.8AI score0.00282EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/21 11:16 a.m.127 views

Exploit for CVE-2026-4885

CVE-2026-4885 Piotnet Addons for Elementor Pro Note: The...

9.8CVSS5.8AI score0.00953EPSS
Exploits2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. A lack of enforcement of an upper-bound limit on strings passed during IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions cleanipv6address and...

7.5CVSS6.5AI score0.01854EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 11:18 a.m.43 views

CVE-2026-4883 Piotnet Forms <= 2.1.40 - Unauthenticated Arbitrary File Upload via Form File Upload

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetformsajaxformbuilder' function in all versions up to, and including, 2.1.40. The plugin uses an incomplete extension blacklist that only blocks php, phpt, php5, php7, a...

9.8CVSS0.0081EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 6:46 a.m.46 views

CVE-2026-4885

The affected product is the Piotnet Addons for Elementor Pro plugin for WordPress. A vulnerability exists in the pafe_ajax_form_builder function across all versions up to and including 7.1.70 due to missing file type validation and an incomplete extension blacklist that blocks only a limited set ...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References2
OSV
OSV
added 2026/05/03 9:58 a.m.7 views

OESA-2026-2193 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...

9.1CVSS5.7AI score0.00461EPSS
Exploits0References10
CVE
CVE
added 2026/04/27 11:0 a.m.34 views

CVE-2026-5941

CVE-2026-5941 affects Foxit PDF Editor/Reader, specifically the AcroForm Signature processing. The issue is a parsing logic flaw where non-signature data can be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes...

7.8CVSS5.2AI score0.00169EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2026/04/15 9:16 a.m.10 views

CVE-2026-3642

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...

5.3CVSS0.00367EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/15 8:28 a.m.34 views

CVE-2026-3642 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...

5.3CVSS0.00367EPSS
Exploits0References5
CVE
CVE
added 2026/04/15 8:28 a.m.21 views

CVE-2026-3642

CVE-2026-3642 concerns the WordPress plugin e-shot form builder. It affects all versions up to and including 1.0.2, where the AJAX handler eshot_form_builder_update_field_data() lacks capability checks (current_user_can()) and nonce verification (check_ajax_referer()/wp_verify_nonce()). Registere...

5.3CVSS5.7AI score0.00367EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/15 8:28 a.m.4 views

CVE-2026-3642

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...

5.3CVSS5.7AI score0.00367EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.10 views

PT-2026-33019

The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshot form builder update field data AJAX handler lacks any capability checks current user can or nonce verification check ajax referer/wp verify nonce. The function...

5.3CVSS5.7AI score0.00367EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/14 6:0 p.m.3 views

CVE-2026-27288

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of thi...

5.4CVSS5.8AI score0.00189EPSS
Exploits0References2
NVD
NVD
added 2026/04/06 10:16 p.m.4 views

CVE-2026-35404

Open edX Platform enables the authoring and delivery of online learning at any scale. The viewsurvey endpoint accepts a redirecturl GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...

6.1CVSS0.00223EPSS
Exploits1References2
Rows per page
Query Builder