Lucene search
K

124 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-51923

An Insecure Direct Object Reference IDOR vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings component, and modify or retrieve sensitive data associated with other users’ accounts...

8.1CVSS0.00382EPSS
Exploits0References3
NVD
NVD
added 5 days ago6 views

CVE-2026-51925

A Local File Inclusion LFI vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute arbitrary code via the dfm-menureport.php component. Attackers can exploit this flaw to read arbitrary files on the server, including sensitive configuration files, source cod...

8.1CVSS0.00322EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-51924

An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component...

8.1CVSS0.0033EPSS
Exploits0References2
NVD
NVD
added 5 days ago4 views

CVE-2026-51926

An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid...

7.5CVSS0.0036EPSS
Exploits0References2
CVE
CVE
added 5 days ago16 views

CVE-2026-51926

The vulnerability (CVE-2026-51926) affects docuForm FSM Client v11.11c. The login.php authentication mechanism enables user enumeration: an attacker can distinguish valid from invalid usernames by differences in server responses, enabling identification of existing accounts. This information coul...

7.5CVSS6AI score0.0036EPSS
Exploits0References2
CVE
CVE
added 5 days ago17 views

CVE-2026-51924

CVE-2026-51924 affects docuForm GmbH Client v.11.11c. A vulnerability in the file upload and report.php component allows a remote attacker to execute arbitrary code. Root cause: improper handling of uploaded files leading to code execution. Impacted product is documented; CVSSv3.1 base score 8.1 ...

8.1CVSS6.3AI score0.0033EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago27 views

CVE-2026-51925

A Local File Inclusion LFI vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute arbitrary code via the dfm-menureport.php component. Attackers can exploit this flaw to read arbitrary files on the server, including sensitive configuration files, source cod...

0.00322EPSS
Exploits0References2
CVE
CVE
added 5 days ago8 views

CVE-2026-51925

CVE-2026-51925 affects docuForm GmbH Client v11.11c. A Local File Inclusion flaw in the dfm-menu_report.php component allows an attacker to read arbitrary server files (e.g., system/configuration files, source code) and potentially execute arbitrary code. The PT-Security entry confirms the affect...

8.1CVSS6.3AI score0.00322EPSS
Exploits0References2
CVE
CVE
added 5 days ago16 views

CVE-2026-51923

The CVE-2026-51923 entry concerns docuForm GmbH Client v.11.11c with an Insecure Direct Object Reference (IDOR) vulnerability in the user settings component. The technical detail provided states that a remote attacker can execute arbitrary code and modify or retrieve sensitive data associated wit...

8.1CVSS6.3AI score0.00382EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-51926

An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid...

7.5CVSS6AI score0.0036EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-51925

A Local File Inclusion LFI vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute arbitrary code via the dfm-menureport.php component. Attackers can exploit this flaw to read arbitrary files on the server, including sensitive configuration files, source cod...

8.1CVSS6.3AI score0.00322EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-51924

An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component...

0.0033EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-51923

An Insecure Direct Object Reference IDOR vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings component, and modify or retrieve sensitive data associated with other users’ accounts...

0.00382EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-61308

A reflected cross-site scripted XSS vulnerability in the dfm-menumaintenance.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS5.7AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-61313

A reflected cross-site scripted XSS vulnerability in the dfm-menumarkeralerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-61311

A reflected cross-site scripted XSS vulnerability in the dfm-menualerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-61312

A reflected cross-site scripted XSS vulnerability in the acc-menupricess.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-61305

A reflected cross-site scripted XSS vulnerability in the dfm-menufirmware.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS5.7AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.10 views

CVE-2025-61306

A reflected cross-site scripted XSS vulnerability in the dfm-menucoveragealerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable valu...

6.1CVSS5.7AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.14 views

CVE-2025-61307

A reflected cross-site scripted XSS vulnerability in the acc-menupapers.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS5.7AI score0.00236EPSS
Exploits0References1
Rows per page
Query Builder