PT-2026-49084

Name of the Vulnerable Software and Affected Versions Page Builder: Pagelayer versions prior to 2.1.0 Description Incorrect Authorization exists in the Page Builder: Pagelayer plugin. The pagelayer save content AJAX handler allows users with basic post-edit capabilities to persist pagelayer conta...

EUVD-2026-33421

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending ...

PT-2026-41350

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...

CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

PT-2026-21841

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.0.13 Description Bugsink is a self-hosted error tracking tool affected by a stored cross-site scripting XSS issue. An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScrip...

WordPress MetForm - Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value vulnerability

WordPress MetForm - Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin = 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value vulnerability discovered by type5afe in WordPress Plugin Metform versions = 4.1.0...

Exploit for Cross-site Scripting in Strategy11 Formidable_Form_Builder

CVE-2017-20192 — Formidable Forms WordPress — Vulnerable Doc...

EUVD-2025-36205

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require authentication. In some configurations, this may allow remote users to submit jobs, or local users to submit jobs that will execute with the permissions of other users...

CVE-2025-54968

The advisory concerns BAE Systems SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require authentication, enabling remote users to submit jobs or local users to submit jobs that execute with another user's permissions. This behavior is documented across multiple sources (NVD/RedHat/C...

EUVD-2025-32417

The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to missing authorization via the wdkithandlereviewsubmission function in versions less than, or equal to, 1.2.16. This is due to the plugin not properly verifyin...

CVE-2025-9029 WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder <= 1.2.16 - Missing Authentication via wdkit_handle_review_submission Function

The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to missing authorization via the wdkithandlereviewsubmission function in versions less than, or equal to, 1.2.16. This is due to the plugin not properly verifyin...

PT-2025-40618

Name of the Vulnerable Software and Affected Versions WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress versions through 1.2.16 Description The WDesignKit plugin for WordPress does not properly verify user authorization, allowing...

CVE-2025-32377 Rasa Pro Missing Authentication For Voice Connector APIs

Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models LLMs. A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the...

WordPress GP Unique ID plugin <= 1.5.5 - Unauthenticated Form Submission Unique ID Modification vulnerability

Unauthenticated Form Submission Unique ID Modification vulnerability discovered by Karl Emil Nikka in WordPress Plugin Gravity Forms Unique ID versions = 1.5.5...

Remote code execution

Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions UDFs, written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute calls, but this is insufficient. Anyone with network access can use a...