PT-2026-26337
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...
WordPress JetFormBuilder plugin <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation vulnerability
Missing Authorization to Unauthenticated Form Generation vulnerability discovered by Tri Firdyanto Firdy - ZeroByte in WordPress Plugin JetFormBuilder versions <= 3.5.3...
CVE-2025-11991 JetFormBuilder <= 3.5.3 - Missing Authorization to Unauthenticated Form Generation
The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the run_callback function in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to generate form...
CVE-2025-11991
CVE-2025-11991 : JetFormBuilder — Dynamic Blocks Form Builder for WordPress suffers unauthenticated data modification due to a missing capability check in run_callback in all versions up to 3.5.3, allowing unauthenticated form generation that can consume the site’s AI usage limits. A patch exists...
WordPress plugin "Smart Forms" vulnerable to cross-site request forgery
Overview: The WordPress plugin "Smart Forms" provided by RedNao contains a cross-site request forgery vulnerability (CWE-352). Masaki Saito of TDU Cryptography Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
CVE-2013-4491
CVE-2013-4491 is a Cross-site scripting flaw in Ruby on Rails Action Pack’s i18n translation path. The vulnerability arises when an i18n fallback string includes user-controlled input, allowing remote script or HTML injection. Affected are Rails 3.x prior to 3.2.16 and 4.x prior to 4.0.2. Patches...