13 matches found
CVE-2026-2958 D-Link DWR-M960 formWsc sub_457C5C stack-based overflow
A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument saveapply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and...
EUVD-2025-5929
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2015-6660
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that...
CVE-2025-25635
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoedns1 parameter in the formIpv6Setup interface of /bin/boa...
WordPress plugin Contact Form to Any API security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
H3C Magic R300 buffer error vulnerability
The H3C Magic R300 is a wireless router from China's Xinhua San H3C. A security vulnerability exists in firmware version H3C Magic R300 R300-2100MV100R004, which originates from a stack overflow contained in the EdittriggerList interface of goform/aspForm...
H3C Magic R200 buffer error vulnerability
The H3C Magic R200 is a router from China's Xinhua San H3C. A security vulnerability exists in the H3C Magic R200 R200V100R004 version, which stems from a stack overflow in the SetAPWifiorLedInfoById interface of /goform/aspForm...
DRUPAL-CORE-2022-003
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
PT-2022-1767 · Drupal +1 · Drupal Core +1
Name of the Vulnerable Software and Affected Versions: Drupal core (affected versions not specified). Description: The issue is related to insufficient input validation in the Drupal core's form API, which may allow an attacker to inject disallowed values or overwrite data. This could potentially...
DRUPAL-CORE-2020-004
The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities...
PT-2020-6778 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core (affected versions not specified). Description: The issue is related to insufficient authentication of executed requests in the Drupal CMS system. It can be exploited by a remote attacker to execute arbitrary code. Additionally, ther...
UBUNTU-CVE-2013-6385
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution via...
esp cms injection 0day-vulnerability warning-the black bar safety net
The unfiltered result of urldecode leads to injection. In interface/search.php ---- intaglist ---- $tagkey (after urldecode processing) goes directly into the SQL statement, forming the injection; code omitted. Test: http://localhost/espcms/index.php?ac=search&at=taglist&tagkey=dd%2 5 2 7,%2527dd%2 5 ...