Lucene search
K

786 matches found

cnnvd
cnnvd
added 2026/05/13 12:0 a.m.9 views

Gerrit 安全漏洞

Gerrit is a code review tool used within the Gerrit community. Versions of Gerrit 2.12 and later contain security vulnerabilities. These vulnerabilities stem from improper authorization in the “submitted together” feature, which could allow authenticated attackers to bypass code reviews and force...

6CVSS5.9AI score0.00116EPSS
Exploits0References1
euvd
euvd
added 2026/05/12 12:32 p.m.8 views

EUVD-2026-29450

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References2
nvd
nvd
added 2026/05/12 11:16 a.m.18 views

CVE-2026-42741

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS0.00223EPSS
Exploits0References1
cve
cve
added 2026/05/12 11:2 a.m.17 views

CVE-2026-42741

Technical details about CVE-2026-42741 are not publicly available in the provided documents; monitor for updates.

8.5CVSS5.8AI score0.00223EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/12 11:2 a.m.43 views

CVE-2026-42741 WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS0.00223EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/12 11:2 a.m.9 views

CVE-2026-42741

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views - Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views - Display & Edit Ninja...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/12 11:2 a.m.9 views

CVE-2026-42741 WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References1
nextcloud
nextcloud
added 2026/05/12 8:20 a.m.13 views

Missing permission check for reading form submissions

None...

6.5CVSS5.8AI score0.00291EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/05/12 7:48 a.m.25 views

CVE-2026-7050

The Forms Rb WordPress plugin (versions ≤ 1.1.9) is vulnerable to an authorization bypass due to insufficient access checks, allowing authenticated users with contributor-level access and above to read form submissions, modify form configurations, and delete records for forms they do not own. Roo...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References13
cve
cve
added 2026/05/12 12:0 a.m.24 views

CVE-2026-31245

The issue affects the mem0 1.0.0 server. The memory creation API (POST /memories) lacks authentication and authorization, allowing unauthenticated users to submit arbitrary memory records. This can lead to unauthorized data injection and potential data pollution in the database. Root cause: missi...

5.3CVSS6AI score0.00335EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2026/05/12 12:0 a.m.10 views

WordPress plugin Forms Rb 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/12 12:0 a.m.10 views

PT-2026-39968

The Forms Rb plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor-level access a...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References14
osv
osv
added 2026/05/11 4:17 p.m.10 views

PYSEC-2026-148

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to f...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References1
pypa
pypa
added 2026/05/11 4:17 p.m.32 views

PYSEC-2026-148

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to f...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/05/11 2:40 p.m.36 views

CVE-2026-44199 Wagtail: Improper permission handling when deleting form submissions

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to f...

6.5CVSS0.00174EPSS
Exploits0References1
cve
cve
added 2026/05/11 2:40 p.m.21 views

CVE-2026-44199

Summary (CVE-2026-44199) Wagtail (Django-based CMS) before versions 7.0.7, 7.3.2, and 7.4 contains a permission bug in form submissions. A CMS user with limited access to form pages can delete submissions on pages they should not access by crafting a delete submission request for pages they can a...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/05/11 2:40 p.m.7 views

CVE-2026-44199 Wagtail: Improper permission handling when deleting form submissions

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to f...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References1
osv
osv
added 2026/05/08 8:20 p.m.5 views

GHSA-PWM3-7FV4-G6XX Wagtail has improper permission handling when deleting form submissions

Impact A CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References4
snyk
snyk
added 2026/05/08 8:20 p.m.6 views

Improper Handling of Insufficient Permissions or Privileges

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges in the deletion of form submissions. A user can remove other users' form submissions without proper...

6.9CVSS5.8AI score0.00174EPSS
Exploits0References2
github
github
added 2026/05/08 8:20 p.m.14 views

Wagtail has improper permission handling when deleting form submissions

Impact A CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder