21 matches found

ATTACKERKB
added 2026/05/28 8:27 a.m., 8 views

CVE-2026-6226

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely loading them from the...

8.8 CVSS, 5.9 AI score, 0.0014 EPSS
Exploits: 0, References: 11
Vulnrichment
added 2026/05/28 8:27 a.m., 8 views

CVE-2026-6226 Frontend Admin by DynamiApps <= 3.29.2 - Unauthenticated Privilege Escalation via Form Configuration Injection

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely loading them from the...

8.8 CVSS, 5.9 AI score, 0.0014 EPSS
Exploits: 0, References: 10
CVE
added 2026/05/28 8:27 a.m., 8 views

CVE-2026-6226

The CVE-2026-6226 issue affects the WordPress plugin Frontend Admin by DynamiApps (versions ≤ 3.29.2). Affected component is the form submission handling logic, where attacker-controlled form definitions can bypass backend validation when $_POST['_acf_form'] is an array. The validate_form() path ...

8.8 CVSS, 5.9 AI score, 0.0014 EPSS
Exploits: 0, References: 10
EUVD
added 2026/05/27 1:15 a.m., 7 views

EUVD-2026-32032

A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer...

9 CVSS, 7.8 AI score, 0.00046 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/05/27 12:0 a.m., 5 views

PT-2026-43474

A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer...

9 CVSS, 6.2 AI score, 0.00046 EPSS
Exploits: 0, References: 5
Cvelist
added 2026/03/26 9:0 a.m., 25 views

CVE-2026-4862 UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow

A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can b...

9 CVSS, 0.00062 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/01/09 12:0 a.m., 2 views

PT-2026-1716

Name of the Vulnerable Software and Affected Versions: Debt.com Business in a Box plugin for WordPress versions up to and including 4.1.0. Description: The Debt.com Business in a Box plugin for WordPress is susceptible to Stored Cross-Site Scripting through the configuration parameter of the lead fo...

6.4 CVSS, 5.1 AI score, 0.00052 EPSS
Exploits: 0, References: 8
CVE
added 2026/01/02 5:2 a.m., 9 views

CVE-2025-15429

CVE-2025-15429 affects UTT 进取 512W 1.7.7-171114. The vulnerability is in the function strcpy of /goform/formConfigCliForEngineerOnly, where manipulating the addCommand argument can trigger a buffer overflow. This may allow remote, unauthenticated code execution; exploitation is publicly disclosed...

9 CVSS, 8.8 AI score, 0.0005 EPSS
Exploits: 1, References: 5, Affected Software: 1
Vulnrichment
added 2026/01/02 5:2 a.m., 3 views

CVE-2025-15429 UTT 进取 512W formConfigCliForEngineerOnly strcpy buffer overflow

A security vulnerability has been detected in UTT 进取 512W 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formConfigCliForEngineerOnly. Such manipulation of the argument addCommand leads to buffer overflow. It is possible to launch the attack remotely. The...

9 CVSS, 6.7 AI score, 0.0005 EPSS
Exploits: 1, References: 5
Positive Technologies
added 2025/12/25 12:0 a.m., 1 view

PT-2025-53418

Name of the Vulnerable Software and Affected Versions: UTT 进取 512W versions through 1.7.7-171114. Description: A buffer overflow issue exists in UTT 进取 512W. The issue is related to the strcpy function within the /goform/formConfigNoticeConfig file. Manipulation of the timestart argument can trigger...

9 CVSS, 6.8 AI score, 0.00413 EPSS
Exploits: 1, References: 11
OSV
added 2025/12/18 8:15 p.m., 0 views

CVE-2022-50683

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers through unvalidated form configuration settings...

5.4 CVSS, 5.8 AI score
Exploits: 0, References: 2
CVE
added 2025/12/18 7:53 p.m., 5 views

CVE-2022-50683

CVE-2022-50683 concerns a stored cross-site scripting vulnerability in Kentico Xperience, arising from unvalidated form redirect URL configuration. The issue allows injection of malicious scripts that execute in users’ browsers in the context of the affected platform. Connected sources (CNVD, EUV...

5.4 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2025/12/18 7:53 p.m., 22 views

CVE-2022-50683 Kentico Xperience <= 13.0.74 Form Configuration Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers through unvalidated form configuration settings...

5.4 CVSS, 0.00024 EPSS
Exploits: 0, References: 2
OSV
added 2025/11/23 1:15 p.m., 0 views

CVE-2025-13550

A vulnerability was determined in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. Impacted is an unknown function of the file /boafrm/formVpnConfigSetup. Executing manipulation of the argument submit-url can lead to buffer overflow. The attack can be executed remotely. The exploit has bee...

8.7 CVSS, 6.4 AI score
Exploits: 0, References: 7
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-27512

Malicious code in bioql PyPI...

9 CVSS, 8.8 AI score, 0.00356 EPSS
Exploits: 1, References: 4
RedhatCVE
added 2025/09/11 10:23 p.m., 1 view

CVE-2025-10171

A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub453DC of the file /goform/formConfigApConfTemp. Performing manipulation results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. T...

9 CVSS, 6.8 AI score, 0.00356 EPSS
Exploits: 1, References: 1
NVD
added 2025/09/09 10:15 p.m., 2 views

CVE-2025-10171

A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub453DC of the file /goform/formConfigApConfTemp. Performing manipulation results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. T...

9 CVSS, 0.00356 EPSS
Exploits: 1, References: 4
Cvelist
added 2025/09/09 9:32 p.m., 3 views

CVE-2025-10171 UTT 1250GW formConfigApConfTemp sub_453DC buffer overflow

A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub453DC of the file /goform/formConfigApConfTemp. Performing manipulation results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. T...

9 CVSS, 0.00356 EPSS
Exploits: 1, References: 4
Cvelist
added 2025/08/28 10:2 p.m., 7 views

CVE-2025-9591 ZrLog Theme Configuration Form config cross site scripting

A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. The attack may be launched remotel...

4.8 CVSS, 0.00046 EPSS
Exploits: 0, References: 4
OSV
added 2025/06/06 9:15 a.m., 1 view

CVE-2025-5737

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer...

8.7 CVSS, 6.5 AI score, 0.00982 EPSS
Exploits: 0, References: 5