11 matches found
EUVD-2026-31414
The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...
CVE-2026-24750 Kiteworks Secure Data Forms vulnerable to Cross-site Scripting
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...
CVE-2026-24750 Kiteworks Secure Data Forms vulnerable to Cross-site Scripting
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...
EUVD-2006-0864
Malware in sbrugna...
CVE-2022-3776
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as formsaction, setoption...
CVE-2021-33849
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload...
WooCommerce Custom Registration Form <= 1.0.4 - Arbitrary Field Deletion and Form Modification via CSRF
The plugin does not properly check for CSRF in its delfield and savealldata AJAX actions, allowing an attacker to make a logged-in user call them via a CSRF attack. To delete a field from the Registration Form: To change the whole Registration Form: input type=...
WooCommerce Custom Registration Form <= 1.0.4 - Arbitrary Field Deletion and Form Modification via CSRF
The plugin does not properly check for CSRF in its delfield and savealldata AJAX actions, allowing an attacker to make a logged-in user call them via a CSRF attack. PoC: To delete a field from the Registration Form: To change the whole Registration Form:...
Service Update 0.20 for Microsoft Dynamics 365 9.0
Service Update 0.20 for Microsoft Dynamics 365 9.0 INTRODUCTION Service Update 9.0.20 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.20. MORE INFORMATION Update package| Version number ---|---...
WordPress data-tables-generator-by-supsystic cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. data-tables-generator-by-supsystic is a data table generator plugin used in it. A security vulnerability exists in WordPress...
ITlearner CuteCounter V1.6 background to obtain webshell - vulnerability warning - the black bar safety net
Source of information: unknown. Find <td><input name="RecordNum" type="text" id="RecordNum" value="100" size="40" maxlength="3"/></td>, modify maxlength="3" to maxlength="50", then look for <form name="form1" method="post" action="?Action=SaveConfig"> and change to action=" For the 100 block input 10...