Lucene search
K

14 matches found

OSV
OSV
added 2026/06/22 8:7 p.m.3 views

CVE-2026-55603 http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`

http-proxy-middleware is node.js http-proxy middleware. From 3.0.4 until 3.0.7 and 4.1.1, fixRequestBody is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with...

7.5CVSS6AI score0.00243EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/06 1:26 a.m.12 views

EUVD-2026-34941

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...

7.2CVSS5.7AI score0.00314EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/01/07 9:37 a.m.11 views

CVE-2019-7871

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection...

8.8CVSS7.5AI score0.01253EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-5282

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.01253EPSS
Exploits0References5
Veracode
Veracode
added 2022/12/13 6:5 a.m.22 views

Cross-Site Scripting (XSS)

yikesinc/yikes-inc-easy-mailchimp-extender is vulnerable to cross-site scripting. The vulnerability exists because of unsanitized form data used in the addfieldtoform.php, allowing an attacker to inject and execute malicious JavaScript...

6.1CVSS2.4AI score0.00545EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 4:52 p.m.19 views

GHSA-V527-6H5R-CFG8 Magento 2 Community Edition Unsafe File Upload

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection...

8.8CVSS9.1AI score0.01253EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 4:52 p.m.23 views

Magento 2 Community Edition Unsafe File Upload

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection...

8.8CVSS8AI score0.01253EPSS
Exploits0References5Affected Software1
WPVulnDB
WPVulnDB
added 2022/03/21 12:0 a.m.22 views

Easy Social Icons < 3.2.1 - Admin+ Stored Cross-Site Scripting in add icon

The plugin does not properly escape the imagefile field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when the unfilteredhtml capability is disallowed. Version 3.2.0 adressed some of the issues, but was still vulnerable when clicking to edit the...

4.8CVSS2.2AI score0.00588EPSS
Exploits2Affected Software1
NVD
NVD
added 2019/08/02 10:15 p.m.29 views

CVE-2019-7871

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection...

8.8CVSS9.1AI score0.01253EPSS
Exploits0References1
Prion
Prion
added 2019/08/02 10:15 p.m.19 views

Security feature bypass

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection...

6.5CVSS9AI score0.01253EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/02 9:17 p.m.28 views

CVE-2019-7871

A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection...

9.1AI score0.01253EPSS
Exploits0References1
CVE
CVE
added 2019/08/02 9:17 p.m.142 views

CVE-2019-7871

Magento 2.x contains a security bypass that enables arbitrary PHP code execution via form data injection. Affected versions are 2.1 before 2.1.18, 2.2 before 2.2.9, and 2.3 before 2.3.2. The root cause is a bypass of protections that prevent arbitrary PHP script upload, exploitable by an authenti...

8.8CVSS9AI score0.01253EPSS
Exploits0References1Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.33 views

PRODSECBUG-2202: Security bypass via form data injection

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

8.8CVSS7.2AI score0.01253EPSS
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2018/10/29 12:0 a.m.29 views

School Event Management System 1.0 Shell Upload

Exploit Title: School Event Management System 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/sems1.zip Version: 1.0...

9.7AI score0.09504EPSS
Exploits5
Rows per page
Query Builder