25073 matches found
openSUSE 16 Security Update : go1.24-openssl (openSUSE-SU-2026:20308-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20308-1 advisory. - Update to version 1.24.13 jscSLE-18320 - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. bsc12512...
EUVD-2026-9865
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...
CVE-2026-3459
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...
CVE-2025-70233
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard...
CVE-2025-70229
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule...
CVE-2026-3459
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...
CVE-2026-3459 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File Upload
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...
CVE-2026-3459
The vulnerability CVE-2026-3459 affects the WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7. The flaw, in the dnd_upload_cf7_upload function, arises from insufficient file type validation for a multi‑file upload field with ‘*’ as accepted types, impacting versions up to 1.3...
CVE-2026-3459 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.5 - Unauthenticated Arbitrary File Upload
The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnduploadcf7upload' function in versions up to, and including, 1.3.7.3. This makes it possible for unauthenticated attackers to...
GHSA-V66J-6WWF-JC57 Mercurius: Incorrect Content-Type parsing can lead to CSRF attack
Summary A Cross-Site Request Forgery CSRF vulnerability was identified in Mercurius versions 16. The issue arises from incorrect parsing of the Content-Type header in requests. Specifically, requests with Content-Type values such as application/x-www-form-urlencoded, multipart/form-data, or...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...
undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...
undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded
A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the FormEncodedDataDefinition.doParseStreamSourceChannel method to parse large form data encoding with application/x-www-form-urlencoded, the method will cause an OutOfMemory issue. This flaw allows...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.12 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2026-2599
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2026-2599
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...