EUVD-2025-31748

Malicious code in bioql PyPI...

CVE-2025-55797

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

GHSA-6CWX-42HW-W69C FormCMS has an improper access control vulnerability in the /api/schemas/history/[schemaId] endpoint

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

Access Control Bypass

Overview FormCMS is a FormCMS is an open-source Content Management System designed to simplify and accelerate web development workflows for CMS projects and general web applications. It streamlines data modeling, backend development, and frontend design, making them as intuitive as filling out a...

CVE-2025-55797

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

CVE-2025-55797

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

CVE-2025-55797

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

PT-2025-40005

Name of the Vulnerable Software and Affected Versions FormCms version 0.5.4 Description An access control issue exists in FormCms version 0.5.4. An unauthenticated attacker can access historical schema data via the /api/schemas/history/schemaId API endpoint if a valid schemaId is known or guessed...

FormCMS 安全漏洞

FormCMS is a page designer for formcms individual developers. A security vulnerability exists in FormCms version 0.5.4, which stems from improper access control of the /api/schemas/history/schemaId endpoint, which could lead to unauthenticated attackers accessing historical schema data...

CVE-2025-55797

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

CVE-2025-55797

CVE-2025-55797 affects FormCms v0.5.4. The /api/schemas/history/[schemaId] endpoint has improper access control, allowing unauthenticated attackers to access historical schema data when a valid schemaId is known or guessed. CVSSv3.1 base score is 6.5 (MEDIUM) with Network attack vector, low confi...

PT-2025-40039

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

Stored XSS

Overview FormCMS is a FormCMS is an open-source Content Management System designed to simplify and accelerate web development workflows for CMS projects and general web applications. It streamlines data modeling, backend development, and frontend design, making them as intuitive as filling out a...

CVE-2025-56236

FormCms v0.5.5 contains a stored cross-site scripting XSS vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser...

CVE-2025-56236

FormCms v0.5.5 contains a stored cross-site scripting XSS vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser...

PT-2025-35097

Name of the Vulnerable Software and Affected Versions: FormCms version 0.5.5 Description: FormCms version 0.5.5 contains a stored cross-site scripting XSS vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible v...

CVE-2025-56236

FormCms v0.5.5 contains a stored cross-site scripting XSS vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser...

FormCMS 安全漏洞

FormCMS is a page designer for formcms individual developers. A security vulnerability exists in FormCMS version 0.5.5, which stems from a stored cross-site script in the avatar upload feature that could lead to the execution of malicious script in a privileged user's browser environment...