Lucene search
K

25074 matches found

CVE
CVE
added 2026/03/04 12:0 a.m.14 views

CVE-2025-70222

CVE-2025-70222 affects D-Link DIR-513 v1.10. A stack buffer overflow is triggered via the curTime parameter in the /goform/formLogin and /goform/getAuthCode endpoints. The vulnerability is characterized as a network-accessible issue with high impact to confidentiality, integrity, and availability...

9.8CVSS6.1AI score0.00485EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/04 12:0 a.m.17 views

CVE-2025-70226

CVE-2025-70226: A stack buffer overflow in D-Link DIR-513 v1.10 is triggered by the curTime parameter to goform/formEasySetupWizard. The issue affects the device firmware; the cited description, CVSSv3.1 base score 9.8 (CRITICAL) indicates high impact on confidentiality, integrity, and availabili...

9.8CVSS6.1AI score0.00485EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/03/03 8:16 p.m.5 views

CVE-2025-70236

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter...

9.8CVSS0.00587EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/03 5:40 p.m.2 views

Comparing instead of Assigning

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Comparing instead of Assigning via improper input validation in the validateFormFieldEmail function. An attacker can achieve root-level command execution by injecting shell...

9.1CVSS6.1AI score0.00802EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/03/03 4:17 p.m.8 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS5.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/03/03 3:33 p.m.4 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS5.8AI score0.01945EPSS
Exploits0References8
OSV
OSV
added 2026/03/03 3:16 p.m.4 views

CVE-2026-25673

An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. URLField.topython in Django calls urllib.parse.urlsplit, which performs NFKC normalization on Windows that is disproportionately slow for certain Unicode characters, allowing a remote attacker to cause denial o...

7.5CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2026/03/03 10:16 a.m.9 views

CVE-2026-2568

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS0.00235EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/03 9:24 a.m.6 views

CVE-2026-2568 WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS6AI score0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/03 9:24 a.m.25 views

CVE-2026-2568 WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/03 9:24 a.m.5 views

EUVD-2026-9284

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS6AI score0.00235EPSS
Exploits0References2
CVE
CVE
added 2026/03/03 9:24 a.m.15 views

CVE-2026-2568

CVE-2026-2568 is an authenticated storage-XSS in the WordPress plugin pair “WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms” (slug cf7-zendesk) affecting versions up to 1.1.5. Public sources (Wordfence) confirm this is a stored XSS via form submission data, with CVSS...

7.2CVSS6AI score0.00235EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/03 9:24 a.m.7 views

CVE-2026-2568

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS6AI score0.00235EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/03 8:44 a.m.9 views

WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions = 1.1.5...

7.2CVSS5.9AI score0.00235EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/03 6:47 a.m.8 views

Malicious code in tailwindcss-form-bundler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a2a9c57883700b802e8a250afb6d3e95ef2ea31ab9a699b1bf339a9843fe430 The package tailwindcss-form-bundler was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/03 6:47 a.m.2 views

MAL-2026-1209 Malicious code in tailwindcss-form-bundler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a2a9c57883700b802e8a250afb6d3e95ef2ea31ab9a699b1bf339a9843fe430 The package tailwindcss-form-bundler was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Snyk
Snyk
added 2026/03/03 6:47 a.m.2 views

Malicious Package

Overview tailwindcss-form-bundler is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.5 views

PT-2026-22800

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr...

6.1AI score0.00714EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/03 12:0 a.m.2 views

CVE-2025-70239

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANWizard55...

6.1AI score0.00606EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.5 views

PT-2026-22727

The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping. This makes it possib...

7.2CVSS6AI score0.00235EPSS
Exploits0References3
Rows per page
Query Builder