
25073 matches found

Positive Technologies
added 2026/03/05 12:0 a.m. | 14 views

PT-2026-23495

Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress versions through 1.3.7.3. Description: The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress has a flaw that allows for arbitrary file uploads. This ...

CVSS 8.1 | AI score 6.1 | EPSS 0.00553
Exploits: 0 | References: 8

CNNVD
added 2026/03/05 12:0 a.m. | 7 views

WordPress plugin Database for Contact Form 7, WPforms, Elementor forms code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

CVSS 9.8 | AI score 5.9 | EPSS 0.00519
Exploits: 0 | References: 4

ATTACKERKB
added 2026/03/05 12:0 a.m. | 2 views

CVE-2025-70233

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard...

AI score 6.1 | EPSS 0.00633
Exploits: 1 | References: 4

CNNVD
added 2026/03/05 12:0 a.m. | 6 views

WordPress plugin Fluent Forms Pro cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.2 | AI score 5.7 | EPSS 0.00263
Exploits: 0 | References: 3

CNNVD
added 2026/03/05 12:0 a.m. | 6 views

D-Link DIR-513 security vulnerability

The D-Link DIR-513 is a wireless router product from D-Link Corporation. The D-Link DIR-513 v1.10 version has a security vulnerability. This vulnerability stems from a stack buffer overflow in the curTime parameter of the goform/formSetMACFilter function, which may allow for the execution of...

CVSS 9.8 | AI score 6.2 | EPSS 0.00633
Exploits: 1 | References: 3

EUVD
added 2026/03/04 9:32 p.m. | 5 views

EUVD-2025-208290

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin...

AI score 6.1 | EPSS 0.00485
Exploits: 1 | References: 4

EUVD
added 2026/03/04 9:32 p.m. | 5 views

EUVD-2025-208289

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot...

AI score 6.1 | EPSS 0.00485
Exploits: 1 | References: 4

OSV
added 2026/03/04 8:16 p.m. | 5 views

CVE-2025-70219

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot...

CVSS 9.8 | AI score 6 | EPSS 0.00485
Exploits: 1 | References: 3

OSV
added 2026/03/04 7:16 p.m. | 5 views

CVE-2025-70223

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork...

CVSS 9.8 | AI score 6.1 | EPSS 0.00513
Exploits: 1 | References: 3

RedHat Linux
added 2026/03/04 3:54 p.m. | 6 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5 | AI score 5.8 | EPSS 0.01945
Exploits: 0 | References: 8

RedhatCVE
added 2026/03/04 1:44 p.m. | 6 views

CVE-2026-2568

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...

CVSS 7.2 | AI score 6 | EPSS 0.00235
Exploits: 0 | References: 1

RedHat Linux
added 2026/03/04 9:7 a.m. | 10 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5 | AI score 5.8 | EPSS 0.01945
Exploits: 0 | References: 8

Snyk
added 2026/03/04 6:27 a.m. | 5 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Question field in the Legacy form element. An attacker can execute arbitrary JavaScript code in the context of a high-privilege user's browser by submitting crafted input that is later rendered when the...

CVSS 4.8 | AI score 5.7 | EPSS 0.00212
Exploits: 1 | References: 2

Snyk
added 2026/03/04 6:25 a.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Legacy Form block when an authenticated user with permissions to create or edit forms injects malicious JavaScript into the options of a multiple-choice question. An attacker can execute arbitrary script...

CVSS 4.8 | AI score 5.7 | EPSS 0.00208
Exploits: 1 | References: 2

RedHat Linux
added 2026/03/04 5:15 a.m. | 10 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVSS 7.5 | AI score 5.8 | EPSS 0.01945
Exploits: 0 | References: 8

Github Security Blog
added 2026/03/04 3:31 a.m. | 6 views

Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

In Concrete CMS below version 9.4.8, a Cross-site Scripting (XSS) vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple-choice question...

CVSS 4.8 | AI score 5.9 | EPSS 0.00208
Exploits: 1 | References: 4 | Affected Software: 1

Github Security Blog
added 2026/03/04 3:31 a.m. | 8 views

Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team thanks minhnn42, namdi and quanlna2 from VCSLab-Viettel Cyber Security for...

CVSS 4.8 | AI score 5.9 | EPSS 0.00212
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2026/03/04 3:31 a.m. | 7 views

EUVD-2026-9358

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...

CVSS 4.8 | AI score 5.9 | EPSS 0.00212
Exploits: 1 | References: 3

EUVD
added 2026/03/04 3:31 a.m. | 4 views

EUVD-2026-9359

In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple-choice...

CVSS 4.8 | AI score 5.8 | EPSS 0.00208
Exploits: 1 | References: 3

OSV
added 2026/03/04 3:31 a.m. | 4 views

GHSA-45FJ-FVMM-XCC5 Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team thanks minhnn42, namdi and quanlna2 from VCSLab-Viettel Cyber Security for...

CVSS 4.8 | AI score 5.9 | EPSS 0.00212
Exploits: 1 | References: 4