52 matches found
EUVD-2026-16020
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0....
Access of Resource Using Incompatible Type ('Type Confusion')
Overview: @builder.io/qwik-city is the meta-framework for Qwik. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') in the FormData function when handling application/x-www-form-urlencoded or multipart/form-data requests. An attacker ca...
CVE-2020-37144 Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without...
CVE-2021-47800
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit unauthorized changes to user profiles by tricking victims into loading a specially crafted webpag...
CVE-2021-47800
CVE-2021-47800 affects b2evolution 7.2.2 and is a cross-site request forgery (CSRF) that enables attackers to modify admin account details without authentication. The vulnerability arises from forged requests triggering admin-profile changes via a crafted webpage loaded by a victim, enabling mani...
EUVD-2026-2780
Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users...
EUVD-2012-3366
Malware in sbrugna...
EUVD-2022-4744
Malicious code in bioql PyPI...
PT-2025-34153
Name of the Vulnerable Software and Affected Versions: Apache Tika versions 1.13 through 3.2.1; Apache Tika tika-core versions 1.13 through 3.2.1; Apache Tika tika-pdf-module versions 2.0.0 through 3.2.1; Apache Tika tika-parsers versions 1.13 through 1.28.5. Description: A critical XML External Entity...
CVE-2011-4457
OWASP HTML Sanitizer aka owasp-java-html-sanitizer before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element...
PT-2024-32871 · Unknown +3 · Openrefine +3
Name of the Vulnerable Software and Affected Versions: OpenRefine versions prior to 3.8.3. Description: The issue allows an attacker to lead a user to a malicious page that submits a form POST containing embedded JavaScript code. This code would then be included in the response, along with an...
CVE-2024-25692
There is a cross-site request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors...
CVE-2024-25692
CVE-2024-25692 is a cross-site request forgery in Esri Portal for ArcGIS versions 11.1 and below. A remote, unauthenticated attacker could trick an authorized user into executing unwanted actions via a crafted form. The reported impact on confidentiality and integrity is limited and low; availabi...
CVE-2023-28744
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary...
PT-2023-3892 · Foxit · Foxit Pdf Reader +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 12.1.1.15289; Foxit PDF Editor affected versions not specified. Description: A use-after-free issue exists in the JavaScript engine, allowing an attacker to execute arbitrary code by manipulating form fields of a specif...
The vulnerability of the Sophos Web Appliance (SWA) protection and management tool lies in the lack of measures taken to protect the structure of the web page. This allows attackers to execute arbitrary JavaScript code.
The vulnerability of the Sophos Web Appliance (SWA) security and management tool exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code using a specially crafted form...
K16826: PHP vulnerability CVE-2015-4024
Security Advisory Description: Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an...