2958 matches found
Astra Linux – Vulnerability in Zabbix
Reflected XSS attacks occur when a malicious script is reflected from a web application into the victim’s browser. The script can be activated through action form fields, which are sent as requests to a website with vulnerabilities that allow the execution of malicious scripts...
EUVD-2026-25827
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction...
PT-2026-35403
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction...
EUVD-2026-22857
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...
CVE-2026-3642 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks currentusercan or nonce verification checkajaxreferer/wpverifynonce. The function is...
EUVD-2026-22665
Adobe Experience Manager versions FP11.7 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
CVE-2026-27288
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of thi...
CVE-2026-27288 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of thi...
CVE-2026-27288
Adobe Experience Manager (AEM) is affected by a DOM-based XSS in versions 6.5.24 and FP11.7 and earlier. The issue arises from manipulating the DOM environment to execute malicious JavaScript in the victim’s browser, with exploitation requiring user interaction (the victim visits a crafted page)....
CVE-2026-3774
The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...
YesWiki 安全漏洞
YesWiki is a wiki system built using PHP by the French organization YesWiki. It is used for creating and managing websites in a collaborative manner. Versions of YesWiki prior to 4.6.0 contained security vulnerabilities; these vulnerabilities stemmed from cross-site scripting vulnerabilities in t...
DEBIAN-CVE-2026-34517
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking clientmaxsize. This issue has been patched in version 3.13.4...
CVE-2026-3774
The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...
CVE-2026-3774 Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor
The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...
CVE-2026-3774 Self-Modifications Affecting Altered Printing and Redaction in Foxit PDF Editor
The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups OCGs immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing...
CVE-2026-3300
The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...
PT-2026-29180
Name of the Vulnerable Software and Affected Versions Everest Forms Pro versions prior to 1.9.13 Description Unauthenticated attackers can achieve remote code execution via PHP code injection in the Everest Forms Pro plugin for WordPress. The issue exists within the Calculation Addon's process...
CVE-2026-2442
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 2.0.7. This is due to the contact form handler performing placeholder substitution on...
CVE-2026-21291
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Exploitation of this...
CVE-2026-21292
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker attacker to inject malicious scripts into vulnerable form fields. Exploitation of...