
25019 matches found

Cvelist
added 2026/04/04 1:24 a.m., 22 views

CVE-2026-3571 Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attacker...

CVSS 6.5, EPSS 0.00284
Exploits: 0, References: 2
CVE
added 2026/04/04 1:24 a.m., 14 views

CVE-2026-3571

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is affected by an authorization flaw in which the pie_main() function lacks a capability check across all versions up to 3.8.4.8. This allows unauthenticated attackers to modify the registration form status,...

CVSS 6.5, AI score 5.9, EPSS 0.00284
Exploits: 0, References: 2
Vulnrichment
added 2026/04/04 1:24 a.m., 2 views

CVE-2026-3571 Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attacker...

CVSS 6.5, AI score 5.9, EPSS 0.00284
Exploits: 0, References: 2
CNNVD
added 2026/04/04 12:0 a.m., 9 views

WordPress plugin Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress code injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.5, AI score 6.1, EPSS 0.00407
Exploits: 0, References: 2
Positive Technologies
added 2026/04/04 12:0 a.m., 7 views

PT-2026-30303

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attacke...

CVSS 6.5, AI score 5.9, EPSS 0.00284
Exploits: 0, References: 3
SUSE CVE
added 2026/04/03 11:24 p.m., 3 views

SUSE CVE-2026-34827

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with...

CVSS 7.5, AI score 5.8, EPSS 0.00376
Exploits: 0, References: 3
RedhatCVE
added 2026/04/03 11:2 p.m., 7 views

CVE-2026-34598

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...

CVSS 7.1, AI score 5.8, EPSS 0.00213
Exploits: 1, References: 1
RedhatCVE
added 2026/04/03 8:36 p.m., 3 views

CVE-2026-34827

A flaw was found in Rack, a modular Ruby web server interface. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted multipart/form-data request. This request, containing numerous parts with lengthy backslash-escaped parameter values, causes the system to consu...

CVSS 7.5, AI score 5.7, EPSS 0.00376
Exploits: 0, References: 4
RedhatCVE
added 2026/04/03 8:16 p.m., 5 views

CVE-2026-34829

A flaw was found in Rack. An unauthenticated attacker can exploit this by sending a multipart/form-data request without a Content-Length header. This allows multipart parsing to continue without a total size limit, writing uploaded file parts directly to temporary files on disk. This unbounded di...

CVSS 7.5, AI score 5.8, EPSS 0.00281
Exploits: 0, References: 4
RedhatCVE
added 2026/04/03 10:58 a.m., 3 views

CVE-2026-1540

The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an attacker with editor access to achieve Remote Code Execution by using a crafted header...

CVSS 7.2, AI score 6, EPSS 0.00639
Exploits: 0, References: 1
RedhatCVE
added 2026/04/03 10:57 a.m., 5 views

CVE-2026-4347

The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generateuserfilepath' function and the 'movetempfiletouploaddir' function in all versions up to, and including, 5.1.0. This makes it possible for unauthenticated attackers ...

CVSS 8.1, AI score 6.6, EPSS 0.01273
Exploits: 0, References: 1
Patchstack
added 2026/04/03 7:0 a.m., 3 views

WordPress Spam Protect for Contact Form 7 plugin < 1.2.10 - Editor+ Remote Code Execution vulnerability

Editor+ Remote Code Execution vulnerability discovered by Chiao-Lin Yu Steven Meow in WordPress Plugin Spam Protect for Contact Form 7 versions 1.2.10...

CVSS 7.2, AI score 6, EPSS 0.00639
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/04/03 3:40 a.m., 1 views

EUVD-2026-18186

wisp has Allocation of Resources Without Limits or Throttling...

CVSS 8.7, AI score 5.9, EPSS 0.00622
Exploits: 0, References: 3
OSV
added 2026/04/03 3:40 a.m., 4 views

GHSA-8645-P2V4-73R2 wisp has Allocation of Resources Without Limits or Throttling

Summary A multipart form parsing bug allows any unauthenticated user to bypass configured request size limits and trigger a denial of service by exhausting server memory or disk. Details The issue is in the multipart parsing logic, specifically in multipartbody and multipartheaders. When parsing...

CVSS 8.7, AI score 5.9, EPSS 0.00622
Exploits: 0, References: 6
Github Security Blog
added 2026/04/03 3:40 a.m., 3 views

wisp has Allocation of Resources Without Limits or Throttling

Summary A multipart form parsing bug allows any unauthenticated user to bypass configured request size limits and trigger a denial of service by exhausting server memory or disk. Details The issue is in the multipart parsing logic, specifically in multipartbody and multipartheaders. When parsing...

CVSS 8.7, AI score 5.9, EPSS 0.00622
Exploits: 0, References: 6, Affected Software: 1
SUSE CVE
added 2026/04/02 11:26 p.m., 4 views

SUSE CVE-2026-34517

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking clientmaxsize. This issue has been patched in version 3.13.4...

CVSS 3.1, AI score 5.7, EPSS 0.00384
Exploits: 0, References: 4
Snyk
added 2026/04/02 9:0 p.m., 1 views

Malicious Package

Overview strapi-plugin-form is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages aren't...

CVSS 9.8, AI score 6
Exploits: 0, References: 2
Github Security Blog
added 2026/04/02 8:30 p.m., 10 views

Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass.

Summary Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one rather than the first. In deployments where an upstream proxy, WAF, or intermedia...

CVSS 5.3, AI score 5.9, EPSS 0.00253
Exploits: 0, References: 4, Affected Software: 1
Snyk
added 2026/04/02 6:20 p.m., 3 views

Denial of Service (DoS)

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

CVSS 8.7, AI score 6, EPSS 0.00281
Exploits: 0, References: 2
Snyk
added 2026/04/02 6:19 p.m., 3 views

Inefficient Algorithmic Complexity

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

CVSS 8.7, AI score 5.9, EPSS 0.00376
Exploits: 0, References: 2