25068 matches found
Malicious code in @b2b-portal/form (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bfd3d2bf611173cd9899eb7ae28620ce52dd78812b47d5f9ca1fc68555c5b70 The package @b2b-portal/form was found to contain malicious code. Source: ghsa-malware 01b5517a25cba37fda750436dbbba1fe86b2c36fb7eafbbb0b49cf17d95e5a...
MAL-2026-2537 Malicious code in @b2b-portal/form (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bfd3d2bf611173cd9899eb7ae28620ce52dd78812b47d5f9ca1fc68555c5b70 The package @b2b-portal/form was found to contain malicious code. Source: ghsa-malware 01b5517a25cba37fda750436dbbba1fe86b2c36fb7eafbbb0b49cf17d95e5a...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow web server component
Summary Due to use of the Undertow web server component, DevOps Test Performance and Rational Performance Tester contain a potential vulnerability that can cause a denial of service DoS. CVE-2024-3884 Vulnerability Details CVEID:CVE-2024-3884 DESCRIPTION: A flaw was found in Undertow that can cau...
WordPress MW WP Form plugin <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys vulnerability
Unauthenticated Arbitrary File Move via regenerateuploadfilekeys vulnerability discovered by Sander Horsman - Conda Security in WordPress Plugin MW WP Form versions = 5.1.1...
CVE-2026-6015
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely...
CVE-2026-6015 Tenda AC9 POST Request QuickIndex formQuickIndex stack-based overflow
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely...
CVE-2026-6015
A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely...
CVE-2026-6013 D-Link DIR-513 POST Request formSetRoute buffer overflow
A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The explo...
CVE-2026-6013
The CVE-2026-6013 entry describes a buffer overflow in D-Link DIR-513 v1.10 affecting the POST Request Handler’s formSetRoute (/goform/formSetRoute). The vulnerable function mishandles the curTime argument, enabling a remote attacker to trigger a buffer overflow. Exploitation is described as publ...
CVE-2026-6012 D-Link DIR-513 POST Request formSetPassword buffer overflow
A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out...
CVE-2026-1263
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...
CVE-2026-1263
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...
EUVD-2026-21248
The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...
PT-2026-32034
Name of the Vulnerable Software and Affected Versions GeoNode versions 4.0 through 4.4.5 and 5.0 through 5.0.2 Description GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 are affected by a server-side request forgery issue in the service registration endpoint. Authenticated attackers can...
TRENDnet TEW-713RE Command Injection Vulnerability
The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from a command injection vulnerability that originates from a misuse of the parameter dest in the file /goform/addRouting, which can be exploited by an attacker to cause arbitrary command...
PT-2026-31874
A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit...
CVE-2026-5988
A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mitssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be...
CVE-2026-5984
CVE-2026-5984 affects the D-Link DIR-605L (firmware 2.13B01). The vulnerable component is the POST Request Handler, specifically the function formSetLog in /goform/formSetLog. Manipulating the argument curTime can cause a buffer overflow, enabling a remote attack. Public exploit is referenced, an...
CVE-2026-5984 D-Link DIR-605L POST Request formSetLog buffer overflow
A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is...
WordPress Advanced CF7 DB plugin <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion vulnerability
Cross-Site Request Forgery to Form Entry Deletion vulnerability discovered by Kai Aizen in WordPress Plugin Advanced Contact form 7 DB versions = 2.0.9...