20 matches found
CVE-2026-3642
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks (current_user_can) or nonce verification (check_ajax_referer/wp_verify_nonce). The function is...
CVE-2026-3642 e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX
The e-shot™ form builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.0.2. The eshotformbuilderupdatefielddata AJAX handler lacks any capability checks (current_user_can) or nonce verification (check_ajax_referer/wp_verify_nonce). The function is...
MAL-2025-54416 Malicious code in putri-rojak84-sukiwir (npm)
Source: amazon-inspector 7d52308bcc58e389356ea7c635ad0c3d7cb4d1be4644ea7b952183a8009722bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2008-3933
Malware in sbrugna...
EUVD-2002-1519
Malware in sbrugna...
EUVD-2001-1169
Malware in sbrugna...
EUVD-2016-4229
Malware in sbrugna...
CVE-2025-52656
HCL MyXalytics: 6.6. is affected by a Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields...
CVE-2025-52656 HCL MyXalytics product is affected by Mass Assignment vulnerability
HCL MyXalytics: 6.6. is affected by a Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of mobile devices, including cell phones, tablets, and more, from South Korea's Samsung. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Jan-2023 Release 1, which stems from improper privilege management in...
CVE-2022-32248
Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data...
NCH WebDictate cross-site scripting vulnerability
A cross-site scripting vulnerability exists in NCH WebDictate, a web-based dictation recording, editing, and management software, which stems from a failure of the product's Recipient Name field to properly validate user data, which could be exploited to add or modify affected fields...
CVE-2019-5478
The CVE-2019-5478 issue affects Xilinx Zynq UltraScale+ devices in Encrypt Only boot mode. The vulnerability allows an adversary to modify the boot image control fields, which can lead to incorrect or bypassed secure boot behavior. Root cause is a weakness in the Encrypt Only boot mode; exact imp...
Huawei UMA suffers from command line injection vulnerability (CNVD-2016-06968)
Huawei UMA (Unified Maintenance Audit) is a unified audit system. It provides a unified O&M operation portal, controls and records O&M operations performed by users, and supports auditing by command view and video playback. A command execution vulnerability exists in Huawei UMA. As the system does...
WordPress Plugin Video Gallery 2.8 - Arbitrary Mail Relay
Exploit Title: Wordpress Video Gallery 2.8 Unprotected Mail Page. Exploit Author: Claudio Viviani. Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 (Full HomelabIT Vulns Archive). Vendor Homepage:...
OpenJDK: incorrect setter access checks in MethodHandles (Hotspot, 8009677)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented...
Allow issue security level to use any custom field that implements UserCFNotificationTypeAware
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion (http://jira.atlassian.com/browse/JRASERVER-18099). It would be useful to be able to set the security level on an issue to include everyone who participated on an issue so if you...
CVE-2003-1212
MaxWebPortal 1.30 is affected. The vulnerability allows remote attackers to perform unauthorized actions by tampering with hidden form fields (examples: news, lock, allmem) on the 'start new topic' HTML page. Root cause is modification of hidden fields, enabling unauthorized actions. The availabl...
[SHK-001] Payflow Link Default Config may lead to Hidden Field Modification
Shirkdog Security Advisory SHK-001. Title: Payflow Link Default Config may lead to Hidden Field Modification. Description of Application: http://verisign.com/products-services/payment-processing/online-payment/payflow-link/index.html careful with the lin...
CVE-2000-0758
The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the listadmin hidden form field...