CVE-2026-25863

Vulnerability summary (CVE-2026-25863): The WordPress plugin “Conditional Fields for Contact Form 7” (CF7 Conditional Fields), affected up to version 2.6.7, contains an uncontrolled resource consumption issue in Wpcf7cfMailParser.hide_hidden_mail_fields_regex_callback(). The method reads an itera...

firefox: thunderbird: Information disclosure in the Form Autofill component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Form Autofill component...

VulnCheck KEV: CVE-2024-8420

The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on site...

WordPress plugin Conditional Fields for Contact Form 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-36894

Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide hidden mail fields regex callback method reads an iteration count directly from user-supplied POST parameters...

VulnCheck KEV: CVE-2023-5822

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: State corruption has been prevented in fpurestoresig. The non-compacted slowpath uses copyfromuser to copy the entire user buffer into the kernel buffer, verbatim. This means that the kernel buffer may now contain entire...

Astra Linux – Vulnerability in Netty

Netty is an asynchronous event-driven network application framework for rapid development of maintainable, high-performance protocol servers and clients. The HttpPostRequestDecoder can be configured to accumulate data. If enabled, the decoder can store items on the disk. There are no limitations ...

Astra Linux – Vulnerability in Firefox, Thunderbird

By displaying a form validation message in the correct location at the same time as a permission prompt such as for geolocation, the validation message could potentially obscure the prompt, allowing the user to be tricked into granting the permission. This vulnerability affects Firefox 94,...

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. A lack of enforcement of an upper-bound limit on strings passed during IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions cleanipv6address and...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix memory leak in RSA When an RSA key represented in form 2 as defined in PKCS 1 V2.1 is used, some components of the private key persist even after the TFM is released. Replace the explicit calls to free the buffe...

Astra Linux – Vulnerability in Zabbix

Reflected XSS attacks occur when a malicious script is reflected from a web application into the victim’s browser. The script can be activated through action form fields, which are sent as requests to a website with vulnerabilities that allow the execution of malicious scripts...

Astra Linux - Vulnerability in Golang-1.19

A denial of service may occur due to excessive resource consumption in the net/http and mime/multipart libraries. Parsing multipart forms using mime/multipart.Reader.ReadForm can consume a largely unlimited amount of memory and disk space. This issue also affects form parsing in the net/http...

Astra Linux - Vulnerability in Golang-1.19

Parsing multipart forms can consume large amounts of CPU and memory when processing form inputs containing a very large number of parts. This occurs due to several reasons: 1. The mime/multipart.Reader.ReadForm method limits the total memory that a parsed multipart form can consume. ReadForm may...

Astra Linux - уязвимость в golang-1.23

The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...

OESA-2026-2193 python-aiohttp security update

Async http client/server framework asyncio. Security Fixes: Insufficient restrictions in header/trailer handling could cause uncapped memory usage.CVE-2026-22815 An unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation.CVE-2026-34513 An attacker who...

CVE-2026-5063

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submitnexform function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

PT-2026-45127

Name of the Vulnerable Software and Affected Versions Edimax BR-6478AC version 1.23 Description A stack-based buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the formPPPoESetup function located in the /goform/formPPPoESetup file, where...

CVE-2026-4024

The Royal Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wprupdateformactionmeta AJAX action in all versions up to, and including, 1.7.1056. The handler is registered on both wpajax and wpajaxnopriv hooks, maki...

CVE-2026-5324 Brizy – Page Builder <= 2.8.11 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...