PT-2026-43177

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

📄 WordPress Supsystic Contact Form 1.7.36 Server-Side Template Injection

This Metasploit module is for WordPress Supsystic Contact Form plugin versions 1.7.36 and below. The plugin suffers from a server-side template injection vulnerability that allows for remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:2039-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2039-1 advisory. This update for MozillaFirefox fixes the following issue Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212 -...

CVE-2026-9482

A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may...

EUVD-2026-31714

A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may...

BIT-DISCOURSE-2026-33514 Discourse: Information Disclosure in Form Template API Due to Missing Authorization

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively for...

CVE-2026-9462

A vulnerability was detected in Edimax EW-7438RPn 1.31. Affected by this vulnerability is the function formWpsProxyEnable of the file /goform/formWpsProxyEnable. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be launched remotely. The exploit is...

CVE-2026-9462 Edimax EW-7438RPn formWpsProxyEnable stack-based overflow

A vulnerability was detected in Edimax EW-7438RPn 1.31. Affected by this vulnerability is the function formWpsProxyEnable of the file /goform/formWpsProxyEnable. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be launched remotely. The exploit is...

EUVD-2026-31676

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made...

CVE-2026-9459

CVE-2026-9459 affects Edimax EW-7438RPn (v1.31). The vulnerability lies in the formConnectionSetting function (/goform/formConnectionSetting); manipulating max_Conn/timeOut triggers a stack-based buffer overflow. It can be exploited remotely, with exploit activity publicly available and a PROOF-O...

Malicious Package

Overview @gbrlxvii/ts-form-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVE-2026-9443 Edimax BR-6478AC POST Request formL2TPSetup buffer overflow

A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. The manipulation of the argument L2TPUserName leads to buffer overflow. The attack may be initiated...

EUVD-2026-31651

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Form Submission Data Exposure vulnerability discovered by Z3no in WordPress Plugin Kirki – Freeform Page Builder, Website Builder & Customizer versions = 6.0.6...

CVE-2026-9430

A vulnerability was determined in Tenda F1202 1.2.0.20408. Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit...

CVE-2026-9427

A flaw has been found in Edimax EW-7438RPn 1.31. This impacts the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component webs. This manipulation of the argument selSSID/submit-url causes stack-based buffer overflow. The attack is possible to be carried out remotely. The...

CVE-2026-9424

A weakness has been identified in Edimax EW-7438RPn 1.31. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component Content-Type Handler. Executing a manipulation of the argument...

CVE-2026-9429

CVE-2026-9429 affects Tenda F1202 devices running firmware 1.2.0.20(408). The vulnerability is in the function formWrlExtraSet of /goform/WrlExtraSet, where manipulating the delno argument causes a stack-based buffer overflow. This can be exploited remotely and an exploit has been published. The ...

EUVD-2026-31631

A flaw has been found in Edimax EW-7438RPn 1.31. This impacts the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component webs. This manipulation of the argument selSSID/submit-url causes stack-based buffer overflow. The attack is possible to be carried out remotely. The...

twitter-clone 跨站请求伪造漏洞

twitter-clone is an application by Fiffe Individual Developers. twitter-clone uses + Vue 3 + light to go development + TailwindCSS + PostgreSQL + recapitulate A cross-site request forgery vulnerability exists in twitter-clone version 1, which stems from cross-site request forgery and could allow ...