EUVD-2026-28235

The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the processRequest method in ForminatorAdminModuleEditPage admin/abstracts/class-admin-module-edit-page.php dispatching sensitive module-management actions —...

CVE-2021-47689

The CVE covers Nagios XI with Core Config Manager (CCM) vulnerable prior to CCM 3.1.0 / Nagios XI 5.8.0. Root cause is insufficient validation/escaping in the Templates pages UI logic that renders Active/Actions buttons, enabling cross-site scripting (XSS) via user-supplied input. Reported impact...

PT-2025-44473

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to CCM 3.1.0 Nagios XI versions prior to 5.8.0 Description The Core Config Manager CCM in Nagios XI contains a cross-site scripting XSS issue in the Templates pages. The problem is related to the UI logic that renders...

File upload vulnerability in HYBBS appearance & template pages

HYBBS is a lightweight community forum program. A file upload vulnerability exists in the HYBBS Appearance & Templates page, which can be exploited by an attacker to gain control of the web server...

CVE-2016-8903

SQL injection vulnerability in the "Site Browser Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...

Sql injection

SQL injection vulnerability in the "Site Browser Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...

dotCMS < 3.3.1 Multiple SQLi Vulnerabilities - Active Check

dotCMS is prone to multiple SQL injection SQLi vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dotcms:dotcms"; i...