25074 matches found
CVE-2025-70222
CVE-2025-70222 affects D-Link DIR-513 v1.10. A stack buffer overflow is triggered via the curTime parameter in the /goform/formLogin and /goform/getAuthCode endpoints. The vulnerability is characterized as a network-accessible issue with high impact to confidentiality, integrity, and availability...
CVE-2025-70226
CVE-2025-70226: A stack buffer overflow in D-Link DIR-513 v1.10 is triggered by the curTime parameter to goform/formEasySetupWizard. The issue affects the device firmware; the cited description, CVSSv3.1 base score 9.8 (CRITICAL) indicates high impact on confidentiality, integrity, and availabili...
CVE-2025-70236
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter...
Comparing instead of Assigning
Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Comparing instead of Assigning via improper input validation in the validateFormFieldEmail function. An attacker can achieve root-level command execution by injecting shell...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
golang: net/url: Memory exhaustion in query parameter parsing in net/url
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...
CVE-2026-25673
An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...
CVE-2026-2568
The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-2568 WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting
The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-2568 WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting
The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...
EUVD-2026-9284
The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-2568
CVE-2026-2568 is an authenticated storage-XSS in the WordPress plugin pair “WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms” (slug cf7-zendesk) affecting versions up to 1.1.5. Public sources (Wordfence) confirm this is a stored XSS via form submission data, with CVSS...
CVE-2026-2568
The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...
WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions = 1.1.5...
Malicious code in tailwindcss-form-bundler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a2a9c57883700b802e8a250afb6d3e95ef2ea31ab9a699b1bf339a9843fe430 The package tailwindcss-form-bundler was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1209 Malicious code in tailwindcss-form-bundler (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a2a9c57883700b802e8a250afb6d3e95ef2ea31ab9a699b1bf339a9843fe430 The package tailwindcss-form-bundler was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview tailwindcss-form-bundler is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
PT-2026-22800
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr...
CVE-2025-70239
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANWizard55...
PT-2026-22727
The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...