25023 matches found
PT-2026-27064
A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update s3.php. Executing a manipulation of the argument sname can lead to cross site scripting. The attack may be launched remotely. The exploit has been public...
Code-Projects Exam Form Submission 代码注入漏洞
Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter sname in the file admin/updates5.php, which may...
PT-2026-27230
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting XSS issue exists in the file field of the Form Plugin. Versions 1.41.1 and 2.41.1 contain a patch...
EUVD-2026-14331
A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates1.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be use...
Malicious code in @opengov/form-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a11b439f6b43c87972ca0e9cf8a54332a77b44da906d0bb0068e0af2532776b The package @opengov/form-utils was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2063 Malicious code in @opengov/form-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a11b439f6b43c87972ca0e9cf8a54332a77b44da906d0bb0068e0af2532776b The package @opengov/form-utils was found to contain malicious code. Source: ghsa-malware...
CVE-2026-4557
A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates1.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be use...
CVE-2026-4557 code-projects Exam Form Submission update_s1.php cross site scripting
A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates1.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be use...
CVE-2026-4557
A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates1.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be use...
CVE-2026-4557
Affected software: code-projects Exam Form Submission 1.0. Vulnerable component: /admin/update_s1.php. Root cause: manipulation of the sname argument leads to cross-site scripting (XSS). Impact: potential remote exploitation; exploit is public. Remediation/versions: no fix version or remediation ...
CVE-2026-4554 Tenda F453 WriteFacMac FormWriteFacMac privilege escalation
A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been released to the...
CVE-2019-25599
Backup Key Recovery 2.2.4 is affected by a local Denial of Service vulnerability triggered by an excessively long Name field during registration (buffer of 300+ characters). The issue is due to input handling in the Name field, leading to application crash. Connected documents confirm the vulnera...
CVE-2026-4544 Wavlink WL-WN578W2 POST Request login.cgi cross site scripting
A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/loginpage can lead to cross site scripting. It is possible to launch the...
PT-2026-27032
A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update s1.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...
Code-Projects Exam Form Submission 代码注入漏洞
Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter sname in the file admin/updates1.php, which may...
EUVD-2026-14178
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...
CVE-2026-3546
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...
CVE-2026-3546 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...
CVE-2026-3546
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...
CVE-2026-3546 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via API Token via 'eshot_form_builder_get_account_data' AJAX Action
The e-shot form builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.2. The eshotformbuildergetaccountdata function is registered as a wpajax AJAX handler accessible to all authenticated users. The function lacks any capability che...