Lucene search
K

2978 matches found

Nuclei
Nuclei
added 6 hours ago107 views

WordPress IWS Geo Form Fields <=1.0 - SQL Injection

WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data,...

9.8CVSS7.1AI score0.04955EPSS
Exploits1References5
NVD
NVD
added 3 days ago7 views

CVE-2026-15010

The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsptopicfieldsformsave which writes $POST'bsptopicfieldslabeln' directly to...

6.4CVSS0.00208EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-15010 bbp style pack <= 6.4.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Topic Form Additional Fields

The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsptopicfieldsformsave which writes $POST'bsptopicfieldslabeln' directly to...

6.4CVSS0.00208EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43165

The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.4.5 via the Topic Form Additional Fields feature. This is due to insufficient input sanitization in bsptopicfieldsformsave which writes $POST'bsptopicfieldslabeln' directly to...

6.4CVSS6.2AI score0.00208EPSS
Exploits0References4
CVE
CVE
added 3 days ago16 views

CVE-2026-15010

The CVE-2026-15010 entry concerns the bbp Style Pack plugin for WordPress, vulnerable to Stored Cross-Site Scripting (XSS) in versions up to and including 6.4.5 via the Topic Form Additional Fields feature. Root causes are insufficient input sanitization in bsp_topic_fields_form_save(), which wri...

6.4CVSS6.2AI score0.00208EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-52747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request bo...

8.6CVSS6AI score0.0046EPSS
Exploits0References4
NVD
NVD
added 4 days ago8 views

CVE-2026-52747

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS0.0046EPSS
Exploits0References3
CVE
CVE
added 4 days ago16 views

CVE-2026-52747

Summary of CVE-2026-52747 ModSecurity (the open‑source WAF engine for Apache/IIS/Nginx) prior to version 3.0.16 contains a parsing bug in the multipart/form-data body processor. Specifically, the libmodsecurity multipart parser silently removes embedded line breaks from non-file form-field values...

8.6CVSS6AI score0.0046EPSS
Exploits0References3
OSV
OSV
added 4 days ago2 views

CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass

ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...

8.6CVSS6AI score0.0046EPSS
Exploits0References5
NVD
NVD
added 6 days ago11 views

CVE-2026-57250

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-57237

When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application...

7.8CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-57240 Foxit PDF Editor/Reader Form Field Use-After-Free Remote Code Execution Vulnerability

When the application opens a PDF file and JavaScript deletes the PDF fields, the subsequent logic still uses the old field pointers, resulting in invalid pointer references and causing the application to crash...

7.8CVSS0.00128EPSS
Exploits0References1
CVE
CVE
added 6 days ago16 views

CVE-2026-57240

CVE-2026-57240 affects Foxit PDF Editor/Reader: when opening a PDF, if JavaScript deletes form fields, the app may still reference old field pointers, causing a use-after-free and crash. The CVSS/metrics indicate a HIGH impact with local access, requiring user interaction. No explicit exploit det...

7.8CVSS6AI score0.00128EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-57237 Foxit PDF Editor/Reader Annotation Use-After-Free Remote Code Execution Vulnerability

When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application...

7.8CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-42196

When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-57237

When the application opens a PDF and JavaScript modifies the properties of form fields, it causes the state of the underlying objects referenced by the program to become invalid. Eventually, it reads an illegal memory address, which leads to the crash of the application...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-57250

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 6 days ago12 views

PT-2026-56337

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description A crash occurs when the application opens a PDF and JavaScript deletes a form field object, followed by an attempt to access that invalid object. Recommendation...

7.8CVSS6.1AI score0.00116EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56336

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Opening a PDF allows JavaScript to modify form field properties, causing the state of the underlying objects referenced by the program to become invalid. This...

7.8CVSS6.1AI score0.00116EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 12:30 p.m.36 views

CVE-2026-13567 code-projects Online Music Site POST Request Feedback.php cross site scripting

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be...

5.3CVSS0.00273EPSS
Exploits0References6
Rows per page
Query Builder