10 matches found
CVE-2026-51923
An Insecure Direct Object Reference IDOR vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings component, and modify or retrieve sensitive data associated with other users’ accounts...
CVE-2026-51924
An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component...
CVE-2026-51924
An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component...
CVE-2026-51923
An Insecure Direct Object Reference IDOR vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings component, and modify or retrieve sensitive data associated with other users’ accounts...
CVE-2026-51925
A Local File Inclusion LFI vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute arbitrary code via the dfm-menureport.php component. Attackers can exploit this flaw to read arbitrary files on the server, including sensitive configuration files, source cod...
CVE-2026-51926
The CVE-2026-51926 entry affects docuForm FSM Client v11.11c, where the login.php authentication flow exposes user-enumeration through responses that differ for valid vs invalid usernames. The root cause is an authentication mechanism flaw enabling attackers to distinguish existing accounts, whic...
CVE-2026-51924
An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component...
CVE-2026-51925
A Local File Inclusion LFI vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute arbitrary code via the dfm-menureport.php component. Attackers can exploit this flaw to read arbitrary files on the server, including sensitive configuration files, source cod...
CVE-2026-51923
An Insecure Direct Object Reference IDOR vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings component, and modify or retrieve sensitive data associated with other users’ accounts...
CVE-2025-65418
docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url...