CVE-2026-9482

A vulnerability has been found in Edimax EW-7438RPn 1.31. This impacts the function formSDHCP of the file /goform/formSDHCP. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may...

GHSA-FPG4-JHQR-589C SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only)

Some relatively small inputs can cause very large files arrays in form handlers. If the SvelteKit application code doesn't check files.length or individual files' sizes and performs expensive processing with them, it can result in Denial of Service. Only users with experimental.remoteFunctions:...

CVE-2025-22916

RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function...

CVE-2025-3328

A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function formfastsettingwifiset of the file /goform/fastsettingwifiset. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely...

CVE-2025-3139

A vulnerability was found in code-projects Bus Reservation System 1.0 and classified as critical. Affected by this issue is the function Login of the component Login Form. The manipulation of the argument Str1 leads to buffer overflow. It is possible to launch the attack on the local host. The...

WordPress plugin Hustle – Email Marketing, Lead Generation, Optins, Popups 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

PT-2024-16380 · WordPress · Hustle

Name of the Vulnerable Software and Affected Versions: Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress versions up to and including 7.8.5 Description: The issue is related to unauthorized form submissions due to a missing capability check on the submit form function...

CVE-2015-5732

Cross-site scripting XSS vulnerability in the form function in the WPNavMenuWidget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title...

WordPress <= 4.2.3 - XSS #2

This vulnerability exists in the WPNavMenuWidget class in wp-includes/default-widgets.php in the "form" function. It allows remote attackers to inject arbitrary web script or HTML via a widget title. Related records: http://db.threatpress.com/vulnerability/wordpress/wordpress-4-2-3-xss Solution...

Fork CMS 'loadForm()' Function Cross-Site Scripting Vulnerability

Fork CMS is a CMS system developed in PHP. A cross-site scripting vulnerability exists in the Fork CMS 'loadForm' function due to the program failing to properly filter user-supplied input. An attacker could use this vulnerability to execute arbitrary script code or steal cookie-based...

perl cgi.pm crossite scripting

Crossite scripting on startform function...