Lucene search
K

25073 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.3 views

openSUSE 16 Security Update : go1.24-openssl (openSUSE-SU-2026:20308-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20308-1 advisory. - Update to version 1.24.13 jscSLE-18320 - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. bsc12512...

10CVSS7.1AI score0.01945EPSS
Exploits4References62
EUVD
EUVD
added 2026/03/05 9:30 p.m.5 views

EUVD-2026-9865

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...

8.1CVSS6.6AI score0.00553EPSS
Exploits0References5
NVD
NVD
added 2026/03/05 7:16 p.m.14 views

CVE-2026-3459

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...

8.1CVSS0.00553EPSS
Exploits0References4
NVD
NVD
added 2026/03/05 7:16 p.m.6 views

CVE-2025-70233

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard...

9.8CVSS0.00633EPSS
Exploits1References3
NVD
NVD
added 2026/03/05 7:16 p.m.11 views

CVE-2025-70229

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule...

9.8CVSS0.00633EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/05 6:25 p.m.5 views

CVE-2026-3459

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...

8.1CVSS6.6AI score0.00553EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/05 6:25 p.m.4 views

CVE-2026-3459 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File Upload

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...

8.1CVSS6.4AI score0.00553EPSS
Exploits0References4
CVE
CVE
added 2026/03/05 6:25 p.m.23 views

CVE-2026-3459

The vulnerability CVE-2026-3459 affects the WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7. The flaw, in the dnd_upload_cf7_upload function, arises from insufficient file type validation for a multi‑file upload field with ‘*’ as accepted types, impacting versions up to 1.3...

8.1CVSS6.6AI score0.00553EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/05 6:25 p.m.36 views

CVE-2026-3459 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File Upload

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...

8.1CVSS0.00553EPSS
Exploits0References4
OSV
OSV
added 2026/03/05 6:18 p.m.5 views

GHSA-V66J-6WWF-JC57 Mercurius: Incorrect Content-Type parsing can lead to CSRF attack

Summary A Cross-Site Request Forgery CSRF vulnerability was identified in Mercurius versions 16. The issue arises from incorrect parsing of the Content-Type header in requests. Specifically, requests with Content-Type values such as application/x-www-form-urlencoded, multipart/form-data, or...

5.4CVSS5.9AI score0.00159EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/03/05 4:8 p.m.3 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS5.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/05 2:35 p.m.11 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS5.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/05 1:39 p.m.5 views

undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

7.5CVSS5.8AI score0.01209EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/03/05 1:38 p.m.3 views

undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

7.5CVSS5.8AI score0.01209EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/03/05 1:34 p.m.4 views

undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...

7.5CVSS5.8AI score0.01209EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/03/05 1:34 p.m.8 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.12 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.6CVSS7.6AI score0.0217EPSS
Exploits1References22
NVD
NVD
added 2026/03/05 1:16 p.m.10 views

CVE-2026-2599

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

9.8CVSS0.00519EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/05 12:26 p.m.5 views

CVE-2026-2599

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

9.8CVSS6.2AI score0.00519EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/05 12:26 p.m.4 views

CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

9.8CVSS6AI score0.00519EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/03/05 12:15 p.m.4 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS5.8AI score0.01945EPSS
Exploits0References8
Rows per page
Query Builder