Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the save-submission action. An attacker can overwrite existing submissions by posting a known or guessed submission ID without authentication. Remediation Upgrade verbb/formie to...

Formie for Craft CMS 安全漏洞

Formie for Craft CMS is a form plugin for the Craft CMS developed by Verbb. Versions prior to 2.2.20 and 3.1.24 of Formie for Craft CMS had security vulnerabilities. These vulnerabilities stemmed from the possibility for unverified users to submit custom values into hidden fields. These values we...

EUVD-2025-10805

Malicious code in bioql PyPI...

Formie for Craft CMS 跨站脚本漏洞

Formie for Craft CMS is an open source form plugin for Craft CMS by Verbb. A cross-site scripting vulnerability exists in Formie for Craft CMS versions prior to 2.1.44, which stems from the possible injection of malicious code into HTML content...

Pixel＆tonic Craft CMS 安全漏洞

Pixel & tonic Craft CMS is a content management system CMS from Pixel & tonic USA. A security vulnerability exists in Pixel & tonic Craft CMS Formie versions prior to 2.1.6, which stems from a user with access to form settings can include malicious Twig code into Twig-enabled fields that will...