PT-2026-26337
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...
WordPress JetFormBuilder plugin <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation vulnerability
Missing Authorization to Unauthenticated Form Generation vulnerability discovered by Tri Firdyanto Firdy - ZeroByte in WordPress Plugin JetFormBuilder versions <= 3.5.3...
CVE-2025-11991
CVE-2025-11991 : JetFormBuilder — Dynamic Blocks Form Builder for WordPress suffers unauthenticated data modification due to a missing capability check in run_callback in all versions up to 3.5.3, allowing unauthenticated form generation that can consume the site’s AI usage limits. A patch exists...
CVE-2025-11991 JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate form...
WordPress plugin "Smart Forms" vulnerable to cross-site request forgery
Overview: The WordPress plugin "Smart Forms" provided by RedNao contains a cross-site request forgery vulnerability (CWE-352). Masaki Saito of TDU Cryptography Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
CVE-2013-4491
CVE-2013-4491 is a Cross-site scripting flaw in Ruby on Rails Action Pack’s i18n translation path. The vulnerability arises when an i18n fallback string includes user-controlled input, allowing remote script or HTML injection. Affected are Rails 3.x prior to 3.2.16 and 4.x prior to 4.0.2. Patches...