25073 matches found
PT-2026-23495
Name of the Vulnerable Software and Affected Versions Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress versions through 1.3.7.3 Description The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress has a flaw that allows for arbitrary file uploads. This ...
WordPress plugin Database for Contact Form 7, WPforms, Elementor forms 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
CVE-2025-70233
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard...
WordPress plugin Fluent Forms Pro 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
D-Link DIR-513 安全漏洞
The D-Link DIR-513 is a wireless router product from D-Link Corporation. The D-Link DIR-513 v1.10 version has a security vulnerability. This vulnerability stems from a stack buffer overflow in the curTime parameter of the goform/formSetMACFilter function, which may allow for the execution of...
EUVD-2025-208290
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin...
EUVD-2025-208289
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot...
CVE-2025-70219
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot...
CVE-2025-70223
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
CVE-2026-2568
The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Question field in the Legacy form element. An attacker can execute arbitrary JavaScript code in the context of a high-privilege user's browser by submitting crafted input that is later rendered when the...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Legacy Form block when an authenticated user with permissions to create or edit forms injects malicious JavaScript into the options of a multiple-choice question. An attacker can execute arbitrary script...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
In Concrete CMS below version 9.4.8, a Cross-site Scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice question...
Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team thanks minhnn42, namdi and quanlna2 from VCSLab-Viettel Cyber Security for...
EUVD-2026-9358
In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...
EUVD-2026-9359
In Concrete CMS below version 9.4.8, a stored cross-site scripting XSS vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms e.g., a rogue administrator can inject a persistent JavaScript payload into the options of a multiple-choice...
GHSA-45FJ-FVMM-XCC5 Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability
In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team thanks minhnn42, namdi and quanlna2 from VCSLab-Viettel Cyber Security for...