
25022 matches found

RedHat Linux
added 2026/03/26 12:58 a.m., 13 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5 CVSS, 7 AI score, 0.00761 EPSS
Exploits 0, References 8
OSSF Malicious Packages
added 2026/03/26 12:33 a.m., 7 views

Malicious code in @opengov/form-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19bbc2729962e719c0df5dd96e17dd7ceb90a0a5506ebb318cc50c19b6fe8bb8 The package @opengov/form-builder was found to contain malicious code. Source: google-open-source-security...

5.9 AI score
Exploits 0, References 3
OSSF Malicious Packages
added 2026/03/26 12:33 a.m., 9 views

Malicious code in @opengov/form-renderer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6c8cb05cb54fe0f2f81f0c9a5ff43f2c4a45ab0fa31bcc1d1cade080e731c3d The package @opengov/form-renderer was found to contain malicious code. Source: ghsa-malware...

5.9 AI score
Exploits 0, References 4
OSV
added 2026/03/26 12:33 a.m., 5 views

MAL-2026-2210 Malicious code in @opengov/form-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19bbc2729962e719c0df5dd96e17dd7ceb90a0a5506ebb318cc50c19b6fe8bb8 The package @opengov/form-builder was found to contain malicious code. Source: google-open-source-security...

5.9 AI score
Exploits 0, References 3
NVD
added 2026/03/26 12:16 a.m., 8 views

CVE-2026-33917

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contains a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8 CVSS, 0.00445 EPSS
Exploits 1, References 3
Positive Technologies
added 2026/03/26 12:0 a.m., 4 views

PT-2026-28550

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.16 Statamic versions prior to 6.7.2 Description The user:reset password form tag does not properly escape user-supplied input before rendering it as HTML, potentially allowing an attacker to inject and execute...

6.1 CVSS, 6.1 AI score, 0.00149 EPSS
Exploits 0, References 5
CNVD
added 2026/03/26 12:0 a.m., 2 views

WordPress Plugin King Addons for Elementor Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin King Addons for Elemento...

5.3 CVSS, 5.7 AI score, 0.00219 EPSS
Exploits 0
CNNVD
added 2026/03/26 12:0 a.m., 4 views

WordPress plugin Frontend Admin by DynamiApps Code Issue Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

7.2 CVSS, 5.9 AI score, 0.00533 EPSS
Exploits 0, References 4
CNNVD
added 2026/03/26 12:0 a.m., 8 views

OpenEMR Security Vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...

8.8 CVSS, 5.8 AI score, 0.00445 EPSS
Exploits 1, References 3
CNNVD
added 2026/03/26 12:0 a.m., 7 views

Code-Projects Online Food Ordering System SQL Injection Vulnerability

The Code-Projects Online Food Ordering System is an open-source online meal ordering system developed by Code-Projects. Version 1.0 of the Code-Projects Online Food Ordering System contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of the 'del' parameter in t...

7.5 CVSS, 7.2 AI score, 0.00259 EPSS
Exploits 0, References 5
Positive Technologies
added 2026/03/26 12:0 a.m., 4 views

PT-2026-28205

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit h...

7.5 CVSS, 6.9 AI score, 0.00259 EPSS
Exploits 0, References 6
ATTACKERKB
added 2026/03/25 11:31 p.m., 4 views

CVE-2026-33917

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contains a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8 CVSS, 5.8 AI score, 0.00445 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2026/03/25 11:31 p.m., 28 views

CVE-2026-33917 OpenEMR has SQL Injection in CAMOS Form

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contains a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8 CVSS, 0.00445 EPSS
Exploits 1, References 3
Vulnrichment
added 2026/03/25 11:31 p.m., 9 views

CVE-2026-33917 OpenEMR has SQL Injection in CAMOS Form

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contains a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8 CVSS, 5.8 AI score, 0.00445 EPSS
Exploits 1, References 3
EUVD
added 2026/03/25 11:31 p.m., 6 views

EUVD-2026-16032

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contains a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8 CVSS, 5.8 AI score, 0.00445 EPSS
Exploits 1, References 3
CVE
added 2026/03/25 11:31 p.m., 14 views

CVE-2026-33917

OpenEMR versions prior to 8.0.0.3 contain a SQL injection in the CAMOS form’s ajax_save endpoint caused by insufficient input validation. The issue can be exploited by an authenticated attacker. OpenEMR 8.0.0.3 patches the vulnerability. The CVSS shows HIGH impact (C/H/I/A = HIGH) with network at...

8.8 CVSS, 5.8 AI score, 0.00445 EPSS
Exploits 1, References 3, Affected Software 1
OSV
added 2026/03/25 11:31 p.m., 5 views

CVE-2026-33917 OpenEMR has SQL Injection in CAMOS Form

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contains a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8 CVSS, 5.9 AI score, 0.00445 EPSS
Exploits 1, References 5
NVD
added 2026/03/25 11:17 p.m., 4 views

CVE-2026-33912

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0....

5.4 CVSS, 0.00219 EPSS
Exploits 0, References 4
ATTACKERKB
added 2026/03/25 10:51 p.m., 1 views

CVE-2026-33912

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0....

5.4 CVSS, 5.9 AI score, 0.00219 EPSS
Exploits 0, References 5, Affected Software 1
EUVD
added 2026/03/25 10:51 p.m., 4 views

EUVD-2026-16020

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0....

5.4 CVSS, 5.9 AI score, 0.00219 EPSS
Exploits 0, References 4