Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

253 matches found

EUVD
EUVDadded 3 days ago8 views

EUVD-2026-38634

FlatPress versions prior to commit 10be83c, contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields ...

8.4CVSS5.9AI score0.00243EPSS
Exploits0References4
NVD
NVDadded 4 days ago7 views

CVE-2026-56785

FlatPress contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields to execute malicious scripts in...

8.4CVSS0.00243EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 4 days ago3 views

CVE-2026-56785

FlatPress contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields to execute malicious scripts in...

8.4CVSS5.9AI score0.00243EPSS
Exploits0References4
CVE
CVEadded 4 days ago11 views

CVE-2026-56785

FlatPress is affected by a stored cross-site scripting (XSS) vulnerability in comment and contact forms. Versions prior to commit 10be83c (FlatPress) render the name, URL, and email fields without proper output encoding in Smarty templates, allowing an attacker to inject arbitrary HTML/JavaScript...

8.4CVSS5.9AI score0.00243EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 4 days ago9 views

PT-2026-51608

Name of the Vulnerable Software and Affected Versions FlatPress versions prior to commit 10be83c Description A stored cross-site scripting issue exists in comment and contact forms. The name, URL, and email fields are rendered without proper output encoding in Smarty templates. This allows...

8.4CVSS5.9AI score0.00243EPSS
Exploits0References7
CVE
CVEadded 2026/06/15 8:17 p.m.16 views

CVE-2026-9691

The WordPress plugin “Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms” (vendor: WordPress ecosystem; affected component: PHP object injection vulnerability) is vulnerable in versions

9.8CVSS5.3AI score0.00476EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:18 p.m.7 views

CVE-2026-45714

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...

9.1CVSS5.9AI score0.00415EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/06/05 2:1 p.m.9 views

WordPress WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin <= 1.10.0.4 - Unauthenticated Insufficient Verification of Data Authenticity vulnerability

Unauthenticated Insufficient Verification of Data Authenticity vulnerability discovered by Valatty in WordPress Plugin Contact Form by WPForms versions = 1.10.0.4...

5.3CVSS5.4AI score0.00202EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/06/05 8:59 a.m.6 views

WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Frissi0n in WordPress Plugin Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms versions = 1.2.1...

9.8CVSS5.5AI score0.00476EPSS
Exploits1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/13 8:43 p.m.9 views

CVE-2026-45714 CubeCart: Server-Side Template Injection (SSTI) in Smarty Templates leading to RCE

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...

9.1CVSS6.1AI score0.00415EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/13 8:43 p.m.9 views

EUVD-2026-30176

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...

9.1CVSS6.1AI score0.00415EPSS
Exploits0References1
CVE
CVEadded 2026/05/13 8:43 p.m.10 views

CVE-2026-45714

CubeCart prior to version 6.7.0 is affected by an Authenticated Server-Side Template Injection (SSTI) in multiple modules (Email Templates, Invoices, Documents, Contact Forms). The issue arises from unsafely evaluating user-supplied input with the Smarty template engine without enabling Smarty Se...

9.1CVSS6.1AI score0.00415EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/11/07 5:33 p.m.5 views

CVE-2025-60197

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows PHP Local File Inclusion.This issue affects Simple Contact Forms: from n/a through = 1.6.4...

8.1CVSS7.1AI score0.00358EPSS
Exploits0References1
EUVD
EUVDadded 2025/11/06 6:32 p.m.4 views

EUVD-2025-38118

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows PHP Local File Inclusion.This issue affects Simple Contact Forms: from n/a through = 1.6.4...

8.2CVSS6.6AI score0.00358EPSS
Exploits0References2
NVD
NVDadded 2025/11/06 4:16 p.m.3 views

CVE-2025-60197

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows PHP Local File Inclusion.This issue affects Simple Contact Forms: from n/a through = 1.6.4...

8.1CVSS0.00358EPSS
Exploits0References1
CVE
CVEadded 2025/11/06 3:54 p.m.8 views

CVE-2025-60197

CVE-2025-60197 refers to a Local File Inclusion in the WordPress plugin Simple Contact Forms (owner: owenr88) version &lt;= 1.6.4, caused by improper control of the filename in include/require statements. Affected product/component: WordPress plugin Simple Contact Forms; vulnerability type: PHP L...

8.1CVSS6.7AI score0.00358EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/11/06 3:54 p.m.3 views

CVE-2025-60197 WordPress Simple Contact Forms plugin <= 1.6.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows PHP Local File Inclusion.This issue affects Simple Contact Forms: from n/a through = 1.6.4...

8.1CVSS6.7AI score0.00358EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/11/06 3:54 p.m.9 views

CVE-2025-60197 WordPress Simple Contact Forms plugin <= 1.6.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows PHP Local File Inclusion.This issue affects Simple Contact Forms: from n/a through = 1.6.4...

8.1CVSS0.00358EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/11/06 12:0 a.m.5 views

PT-2025-45270

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows PHP Local File Inclusion.This issue affects Simple Contact Forms: from n/a through = 1.6.4...

8.2CVSS7.1AI score0.00358EPSS
Exploits0References2
CNNVD
CNNVDadded 2025/11/06 12:0 a.m.4 views

WordPress plugin Simple Contact Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

8.1CVSS6.7AI score0.00358EPSS
Exploits0References1
Rows per page
Query Builder