Lucene search

14 matches found

OSV
added 2026/05/23 1:25 a.m., 4 views

MAL-2026-4683 Malicious code in tax4all-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 411707aa243c516b714830da4805c4abacaa4d5f7e2e8959773cd93468dd78aa The exported ContactForm Vue component in deploy/dist/index.js hardcodes form submissions to https://formsubmit.co/ajax/[email protected] — the...

5.8 AI score
Exploits 0, References 1
Vulnrichment
added 2026/02/21 7:32 p.m., 1 views

CVE-2026-2881 D-Link DWR-M960 Advanced Firewall Configuration Endpoint formFirewallAdv sub_425FF8 stack-based overflow

A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_425FF8 of the file /boafrm/formFirewallAdv of the component Advanced Firewall Configuration Endpoint. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack...

9 CVSS, 8.8 AI score, 0.00046 EPSS
Exploits 1, References 5
Vulnrichment
added 2026/01/16 7:9 p.m., 4 views

CVE-2021-47820 Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF)

Ubee EVW327 contains a cross-site request forgery vulnerability that allows attackers to enable remote access without user interaction. Attackers can craft a malicious webpage that automatically submits a form to change router remote access settings to port 8080 without the user's consent...

5.3 CVSS, 6.5 AI score, 0.00007 EPSS
Exploits 0, References 3
NVD
added 2026/01/07 12:16 p.m., 1 views

CVE-2025-14465

The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the sabsoptionspageformsubmit function. This makes it possible for unauthenticated attackers to update plug...

4.3 CVSS, 0.00027 EPSS
Exploits 0, References 2
CNNVD
added 2026/01/07 12:0 a.m., 2 views

WordPress plugin Sticky Action Buttons Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...

4.3 CVSS, 6.2 AI score, 0.00027 EPSS
Exploits 0, References 2
Cvelist
added 2025/11/21 7:31 a.m., 4 views

CVE-2025-13159 Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload

The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.0.43. This is due to the plugin allowing SVG file uploads via an unauthenticated AJAX endpoint floformsubmit without proper...

7.1 CVSS, 0.00048 EPSS
Exploits 0, References 4
CVE
added 2025/09/27 6:47 a.m., 10 views

CVE-2025-9944

CVE-2025-9944 affects the Professional Contact Form plugin for WordPress (all versions up to 1.0.0). Root cause: missing/invalid nonce validation in the watch_for_contact_form_submit function, enabling CSRF. Impact: unauthenticated attackers can trigger test emails by tricking an admin into perfo...

4.3 CVSS, 4.9 AI score, 0.00014 EPSS
Exploits 0, References 2
SUSE CVE
added 2023/02/15 4:26 a.m., 1 views

SUSE CVE-2018-12374

Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird 52.9...

3.1 CVSS, 8.9 AI score, 0.00763 EPSS
Exploits 0, References 6
Exploit DB
added 2019/07/15 12:0 a.m., 143 views

FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion

Exploit Title: FlightPath 4.8.2 & 5.0-rc2 - Local File Inclusion Date: 07-07-2019 Exploit Author: Mohammed Althibyani Vendor Homepage: http://getflightpath.com Software Link: http://getflightpath.com/project/9/releases Version: 4.8.2 & 5.0-rc2 Tested on: Kali Linux CVE : CVE-2019-13396 Parameters...

5.3 CVSS, 5.6 AI score, 0.76524 EPSS
Exploits 5
OSV
added 2019/07/10 2:15 p.m., 1 views

CVE-2019-13396

FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module...

5.3 CVSS, 6.1 AI score, 0.76524 EPSS
Exploits 5, References 2
CVE
added 2019/07/10 1:45 p.m., 75 views

CVE-2019-13396

FlightPath is affected by CVE-2019-13396: versions prior to 4.8.2 and 5.0-rc2 contain a Local File Inclusion vulnerability caused by include_once in system_handle_form_submit, enabling directory traversal via the form_include parameter in index.php?q=system-handle-form-submit. Impact cited includ...

5.3 CVSS, 5.2 AI score, 0.76524 EPSS
In wild, Exploits 5, References 2, Affected Software 1
exploitpack
added 2010/07/30 12:0 a.m., 15 views

Sourcefabric Campsite - Multiple Cross-Site Scripting Vulnerabilities

Sourcefabric Campsite - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/42107/info Sourcefabric Campsite is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issu...

0.2 AI score
Exploits 0
seebug.org
added 2007/06/02 12:0 a.m., 56 views

XOOPS Module icontent 1.0 Remote File Inclusion Exploit

No description provided by source.

7.1 AI score
Exploits 0
seebug.org
added 2006/10/31 12:0 a.m., 22 views

E Annu 1.0 Login Bypass SQL Injection Exploit

No description provided by source.

7.1 AI score
Exploits 0