CVE-2026-5113

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...

CVE-2026-34213

Docmost (open-source wiki/docs) is affected from v0.3.0 up to v0.70.x. The vulnerability is an improper authorization flaw that allows a low-privileged authenticated user to overwrite another page’s attachment in the same workspace by supplying attachmentId to POST /api/files/upload. Impact is a ...

URL Confusion When Scheme Not Supplied

Description This is a URL confusion vulnerability. When parsing a URL without a scheme and with excessive slashes, like ///www.example.com, URI.js will parse the hostname as null and the path as /www.example.com. Such behaviour is different from that exhibited by browsers, which will parse...

Kingsoft Antivirus Elevation of Privilege Vulnerability

Kingsoft AntiVirus is a highly intelligent anti-virus software officially developed by Kingsoft. The system service installed by Kingsoft Antivirus provides the ability to create elevated privilege processes, but there are vulnerabilities in the validation process that allow code to be executed...

MS12-074: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)

The remote Windows host is running a version of Microsoft .NET Framework that is affected by multiple vulnerabilities : - The way .NET Framework validates the permissions of certain objects during reflection is flawed and could be exploited by an attacker to gain complete control of an affected...