CVE-2026-1948

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

CVE-2026-1947

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

CVE-2026-1948

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

CVE-2026-1947

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submitnexform function due to missing validation on a user controlled key. This makes it possible for unauthenticated...

CVE-2026-1948

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivatelicense function in all versions up to, and including, 9.1.9. This makes it possible for authenticated attackers, with...

IBM Datacap 安全漏洞

IBM Datacap is a document capture and processing software from International Business Machines IBM that captures data from various sources e.g., scanner, email, fax, etc. in paper or electronic documents and converts them into editable and searchable digital formats, which are widely used in...

CVE-2024-39735

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

Malicious code in sys-selenium (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis a1ae15b4cab934fe2bdb8472ceb8f00edfd582688a810321e7e4814ca66cbe98 The OpenSSF Package Analysis project identified 'sys-selenium' @ 9.1.9 pypi as malicious. It is considered malicious because: - The package...

openSUSE Security Update : postgresql91 (openSUSE-SU-2013:0627-1)

postgresql was updated to version 9.1.9 bnc812525 : - CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with '-' could be crafted to damage or destroy files within the server's data directory, even if the request is...

postgresql91 to version 9.1.9. (important)

postgresql was updated to version 9.1.9 bnc812525: CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with "-" could be crafted to damage or destroy files within the server's data directory, even if the request is...