16 matches found
CVE-2026-6127
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...
EUVD-2026-26479
The Elementor Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the elementordata meta field in versions up to, and including, 4.0.4. This is due to insufficient input sanitization when processing form-encoded REST API requests. The plugin registers the...
CVE-2026-31014
Dovestones Softwares AD Self Update 4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally...
CVE-2026-31014
Dovestones Softwares AD Self Update 4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally...
OrangeHRM Access Control Error Vulnerability
OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained an access contro...
@apollo/server Security Vulnerability
@apollo/server is a JavaScript code package open-sourced by Apollo GraphQL. Versions prior to 3.13.0, 4.13.0, and 5.4.0 of @apollo/server contain security vulnerabilities. These vulnerabilities stem from improper handling of encoded requests using special character sets in the default...
EUVD-2025-15449
Malicious code in bioql PyPI...
SUSE CVE-2007-5386
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...
PT-2021-6553 · Eclipse +2 · Eclipse Jetty +2
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.37 through 9.4.42; Eclipse Jetty versions 10.0.1 through 10.0.5; Eclipse Jetty versions 11.0.1 through 11.0.5. Description: The issue allows an attacker to craft URIs using encoded characters to access the content of t...
F5 BIG-IP ASM 11.4.1 Filter Bypass
Details: Product: F5 BIG-IP Application Security Manager (ASM). Vulnerability: Web Application Firewall Bypass. Author: Peter Lapp, lappsec gmail com. CVE: None assigned. Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Should apply to all releases. Fixed Version: None. Summary: The F5 ASM i...
HServer webserver directory traversal
Directory traversal with HTML-encoded requests...
Scotty: traceless analysis of the means hackers use to avoid detection - vulnerability warning - the black bar safety net
Hackers are clever not only because they know how to invade a server, but also because they know how to disguise their attacks. Malicious attackers use a variety of evasion techniques to avoid being detected, so system administrators should also be aware of these techniques to cope with the...
Input validation
OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines...
CVE-2007-4385
OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines...
CVE-2002-0627
The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests...
PT-2002-1447 · Apache · Apache +1
Name of the Vulnerable Software and Affected Versions: Apache versions 1.3 through 1.3.24; Apache versions 2.0 through 2.0.36. Description: The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes the software to...