Lucene search
K

818 matches found

Patchstack
Patchstack
added 2026/05/05 5:53 p.m.6 views

WordPress Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read vulnerability

Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Niv Kochan in WordPress Plugin FluentForm versions = 6.2.1...

4.9CVSS5.8AI score0.00554EPSS
Exploits0References1Affected Software1
CBLMariner
CBLMariner
added 2026/04/27 9:30 p.m.8 views

CVE-2025-63652 affecting package fluent-bit for versions less than 3.1.10-6

CVE-2025-63652 affecting package fluent-bit for versions less than 3.1.10-6. A patched version of the package is available...

7.5CVSS5.3AI score0.01043EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/04/23 8:30 p.m.5 views

CVE-2025-63657 affecting package fluent-bit for versions less than 3.1.10-5

CVE-2025-63657 affecting package fluent-bit for versions less than 3.1.10-5. A patched version of the package is available...

7.5CVSS5.3AI score0.01043EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/04/23 8:39 a.m.9 views

org.apache.httpcomponents.client5:httpclient5-cache (=5.6-alpha1), org.apache.httpcomponents.client5:httpclient5-fluent (=5.6-alpha1) +2 more potentially affected by CVE-2026-40542 via org.apache.httpcomponents.client5:httpclient5 (=5.6-alpha1)

org.apache.httpcomponents.client5:httpclient5 MAVEN version =5.6-alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.httpcomponents.client5:httpclient5 and may be impacted: - org.apache.httpcomponents.client5:httpclient5-cache =5.6-alpha1...

7.3CVSS5.8AI score0.00456EPSS
Exploits0
Patchstack
Patchstack
added 2026/04/17 9:57 a.m.9 views

WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability

WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin = 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability discovered by Prickly Cactus in WordPress Plugin FluentForm...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/16 3:31 p.m.5 views

EUVD-2026-23237

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submissionid' parameter in versions up to, and including, 6.1.21. This is due to missing authorization and ownership validatio...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References3
NVD
NVD
added 2026/04/16 2:16 p.m.4 views

CVE-2026-4160

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submissionid' parameter in versions up to, and including, 6.1.21. This is due to missing authorization and ownership validatio...

5.3CVSS0.00305EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/16 1:27 p.m.7 views

CVE-2026-4160

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submissionid' parameter in versions up to, and including, 6.1.21. This is due to missing authorization and ownership validatio...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/16 1:27 p.m.41 views

CVE-2026-4160 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submissionid' parameter in versions up to, and including, 6.1.21. This is due to missing authorization and ownership validatio...

5.3CVSS0.00305EPSS
Exploits0References2
CVE
CVE
added 2026/04/16 1:27 p.m.15 views

CVE-2026-4160

The CVE-2026-4160 entry concerns the WordPress Fluent Forms plugin (versions up to 6.1.21). Affected component: Stripe SCA confirmation AJAX endpoint handling a submission_id parameter. Root cause: missing authorization and ownership validation on a user-controlled key enables Insecure Direct Obj...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/16 1:27 p.m.5 views

CVE-2026-4160 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submissionid' parameter in versions up to, and including, 6.1.21. This is due to missing authorization and ownership validatio...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.5 views

PT-2026-33318

Name of the Vulnerable Software and Affected Versions Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder versions prior to 6.1.22 Description An Insecure Direct Object Reference IDOR exists due to missing authorization and ownership validation on a user...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.9 views

WordPress plugin Fluent Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00305EPSS
Exploits0References1
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.11 views

CVE-2026-32282 vulnerabilities

Vulnerabilities for packages: fuse-overlayfs-snapshotter, kyverno, zot, datadog-agent, cert-manager, kube-fluentd-operator, k8s-device-plugin, spire-server, kots, falco-no-driver, external-dns, keda, knative-serving, chezmoi, coredns, gatekeeper, redka, argo-cd, kubernetes, istio,...

6.4CVSS6.8AI score0.00292EPSS
Exploits0
OSV
OSV
added 2026/04/01 9:27 a.m.7 views

CLEANSTART-2026-CU52059 Security fixes for CVE-2025-61728, CVE-2025-61730, CVE-2026-24051, CVE-2026-27139, CVE-2026-27142, ghsa-9h8m-3fm2-qjrq applied in versions: 3.3.0-r7, 3.5.0-r0

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

7CVSS7.2AI score0.00643EPSS
Exploits1References12
OSV
OSV
added 2026/04/01 9:27 a.m.9 views

CLEANSTART-2026-MZ18595 Security fixes for CVE-2025-61730, CVE-2025-61732, CVE-2026-27139, CVE-2026-27142 applied in versions: 3.4.0-r7

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

8.6CVSS7.2AI score0.00472EPSS
Exploits0References9
OSV
OSV
added 2026/04/01 9:27 a.m.16 views

CLEANSTART-2026-UB49656 Security fixes for CVE-2026-24051, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 3.5.0-r0, 3.5.0-r1

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.01557EPSS
Exploits1References11
OSV
OSV
added 2026/04/01 9:27 a.m.5 views

CLEANSTART-2026-KA15295 Security fixes for CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 3.7.0-r0, 3.7.0.-r1

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References13
OSV
OSV
added 2026/04/01 9:27 a.m.15 views

CLEANSTART-2026-VS17175 Security fixes for CVE-2026-24051, CVE-2026-27139, CVE-2026-27141, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 3.6.0-r3

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.01557EPSS
Exploits1References11
OSV
OSV
added 2026/04/01 9:11 a.m.6 views

CLEANSTART-2026-CG86499 Security fixes for CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 3.6.5-r0

Multiple security vulnerabilities affect the fluent-bit-plugin-loki package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS7.2AI score0.01557EPSS
Exploits1References11
Rows per page
Query Builder