Lucene search
K

25068 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/10 4:43 p.m.8 views

Malicious code in @b2b-portal/form (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bfd3d2bf611173cd9899eb7ae28620ce52dd78812b47d5f9ca1fc68555c5b70 The package @b2b-portal/form was found to contain malicious code. Source: ghsa-malware 01b5517a25cba37fda750436dbbba1fe86b2c36fb7eafbbb0b49cf17d95e5a...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/04/10 4:43 p.m.4 views

MAL-2026-2537 Malicious code in @b2b-portal/form (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bfd3d2bf611173cd9899eb7ae28620ce52dd78812b47d5f9ca1fc68555c5b70 The package @b2b-portal/form was found to contain malicious code. Source: ghsa-malware 01b5517a25cba37fda750436dbbba1fe86b2c36fb7eafbbb0b49cf17d95e5a...

5.8AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:14 p.m.7 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow web server component

Summary Due to use of the Undertow web server component, DevOps Test Performance and Rational Performance Tester contain a potential vulnerability that can cause a denial of service DoS. CVE-2024-3884 Vulnerability Details CVEID:CVE-2024-3884 DESCRIPTION: A flaw was found in Undertow that can cau...

7.5CVSS5.8AI score0.01209EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/10 9:50 a.m.6 views

WordPress MW WP Form plugin <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys vulnerability

Unauthenticated Arbitrary File Move via regenerateuploadfilekeys vulnerability discovered by Sander Horsman - Conda Security in WordPress Plugin MW WP Form versions = 5.1.1...

8.1CVSS5.8AI score0.01069EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/10 6:16 a.m.5 views

CVE-2026-6015

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely...

9CVSS0.00811EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/10 4:45 a.m.21 views

CVE-2026-6015 Tenda AC9 POST Request QuickIndex formQuickIndex stack-based overflow

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely...

9CVSS0.00811EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/10 4:45 a.m.4 views

CVE-2026-6015

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely...

9CVSS7.7AI score0.00811EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/04/10 4:15 a.m.25 views

CVE-2026-6013 D-Link DIR-513 POST Request formSetRoute buffer overflow

A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The explo...

9CVSS0.0074EPSS
Exploits1References5
CVE
CVE
added 2026/04/10 4:15 a.m.11 views

CVE-2026-6013

The CVE-2026-6013 entry describes a buffer overflow in D-Link DIR-513 v1.10 affecting the POST Request Handler’s formSetRoute (/goform/formSetRoute). The vulnerable function mishandles the curTime argument, enabling a remote attacker to trigger a buffer overflow. Exploitation is described as publ...

9CVSS7.6AI score0.0074EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 4:0 a.m.2 views

CVE-2026-6012 D-Link DIR-513 POST Request formSetPassword buffer overflow

A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out...

9CVSS7.7AI score0.00715EPSS
Exploits1References5
NVD
NVD
added 2026/04/10 2:16 a.m.5 views

CVE-2026-1263

The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...

6.4CVSS0.00277EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/10 1:24 a.m.5 views

CVE-2026-1263

The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...

6.4CVSS6.1AI score0.00277EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/10 1:24 a.m.7 views

EUVD-2026-21248

The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...

6.4CVSS6.1AI score0.00277EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.3 views

PT-2026-32034

Name of the Vulnerable Software and Affected Versions GeoNode versions 4.0 through 4.4.5 and 5.0 through 5.0.2 Description GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 are affected by a server-side request forgery issue in the service registration endpoint. Authenticated attackers can...

6.3CVSS5.6AI score0.00172EPSS
Exploits0References13
CNVD
CNVD
added 2026/04/10 12:0 a.m.6 views

TRENDnet TEW-713RE Command Injection Vulnerability

The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from a command injection vulnerability that originates from a misuse of the parameter dest in the file /goform/addRouting, which can be exploited by an attacker to cause arbitrary command...

9.8CVSS6.5AI score0.05126EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.2 views

PT-2026-31874

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit...

9CVSS7.7AI score0.00734EPSS
Exploits1References6
NVD
NVD
added 2026/04/09 11:17 p.m.2 views

CVE-2026-5988

A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mitssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be...

9CVSS0.00511EPSS
Exploits0References5
CVE
CVE
added 2026/04/09 10:0 p.m.17 views

CVE-2026-5984

CVE-2026-5984 affects the D-Link DIR-605L (firmware 2.13B01). The vulnerable component is the POST Request Handler, specifically the function formSetLog in /goform/formSetLog. Manipulating the argument curTime can cause a buffer overflow, enabling a remote attack. Public exploit is referenced, an...

9CVSS7.8AI score0.00784EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 10:0 p.m.4 views

CVE-2026-5984 D-Link DIR-605L POST Request formSetLog buffer overflow

A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is...

9CVSS7.8AI score0.00784EPSS
Exploits1References5
Patchstack
Patchstack
added 2026/04/09 9:45 p.m.4 views

WordPress Advanced CF7 DB plugin <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion vulnerability

Cross-Site Request Forgery to Form Entry Deletion vulnerability discovered by Kai Aizen in WordPress Plugin Advanced Contact form 7 DB versions = 2.0.9...

5.4CVSS5.9AI score0.00136EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder