CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

CVE-2018-25400

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/formpost.php endpoint with crafted SQL payloads to extract...

CVE-2018-25397

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...

CVE-2018-25400 The Open ISES Project 3.30A SQL Injection via form_post.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/formpost.php endpoint with crafted SQL payloads to extract...

CVE-2018-25400 The Open ISES Project 3.30A SQL Injection via form_post.php

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/formpost.php endpoint with crafted SQL payloads to extract...

EUVD-2018-21922

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/formpost.php endpoint with crafted SQL payloads to extract...

CVE-2018-25400

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/formpost.php endpoint with crafted SQL payloads to extract...

CVE-2018-25400

The CVE-2018-25400 entry concerns the Open ISES Project 3.30A and an SQL injection via the id parameter in the ajax/form_post.php endpoint. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries and exfiltrate data (e.g., database schema names) through crafted GET req...

CVE-2018-25397

PHP-SHOP 1.0 is affected by a cross-site request forgery in the users.php endpoint. An unauthenticated attacker can craft a page with a hidden form that automatically POSTs parameters (name, email, password, permissions) to create an admin account, by convincing an authenticated administrator to ...

CVE-2018-25397 PHP-SHOP 1.0 Cross-Site Request Forgery via users.php

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...

CVE-2018-25397 PHP-SHOP 1.0 Cross-Site Request Forgery via users.php

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...

EUVD-2018-21919

PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that automatically submits POST...

CVE-2026-10064

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument specialname results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit...

CVE-2026-46510

form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...

CVE-2026-10063

A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and...

CVE-2026-10062 TRENDnet TEW-432BRP formSetRoute stack-based overflow

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The...

CVE-2026-10062

The CVE-2026-10062 affects TRENDnet TEW-432BRP (firmware 3.10B20). The vulnerability is in the function /goform/formSetRoute (formSetRoute) where manipulation of ip/mask/gateway parameters causes a stack-based buffer overflow. It is exploitable remotely and has publicly disclosed exploits. The ve...

CVE-2026-46510

CVE-2026-46510 affects form-data-objectizer

CVE-2026-46510 Prototype pollution in form-data-objectizer via bracket-notation form keys

form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...