CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/01 10:3 p.m.•7 views

CVE-2026-45697

Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3.1.24, unauthenticated users could submit crafted values into Hidden fields with Default value → Custom that were evaluated as Twig during submission handling, which could lead to serious compromise of the Craft site depending ...

NVD•added 2026/05/29 8:16 p.m.•12 views

CVE-2026-47266

8.7CVSS0.00311EPSS

NVD•added 2026/05/29 8:16 p.m.•9 views

CVE-2026-45697

9.8CVSS0.00475EPSS

Cvelist•added 2026/05/29 7:3 p.m.•31 views

CVE-2026-47266 Formie: Unauthenticated front-end submission editing can overwrite existing submissions

8.7CVSS0.00311EPSS

EUVD•added 2026/05/29 7:3 p.m.•12 views

EUVD-2026-33422

ATTACKERKB•added 2026/05/29 7:3 p.m.•6 views

CVE-2026-47266

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/29 7:3 p.m.•10 views

CVE-2026-47266 Formie: Unauthenticated front-end submission editing can overwrite existing submissions

CVE•added 2026/05/29 7:3 p.m.•18 views

CVE-2026-47266

CVE-2026-47266 - Formie (Craft CMS plugin) Affected: Formie plugin for Craft CMS. Vulnerable in versions prior to 2.2.21 and 3.1.26. Root cause: Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to formie/submissions/save-submission. Impact: Allow...

ATTACKERKB•added 2026/05/29 7:1 p.m.•6 views

CVE-2026-45697

Exploits0References5Affected Software1

Cvelist•added 2026/05/29 7:1 p.m.•30 views

CVE-2026-45697 Formie: Pre-authenticated server-side template injection in Hidden fields

9.8CVSS0.00475EPSS

EUVD•added 2026/05/29 7:1 p.m.•8 views

EUVD-2026-33421

CVE•added 2026/05/29 7:1 p.m.•16 views

CVE-2026-45697

Formie (Craft CMS plugin) exposes a pre-authenticated server-side template injection via Hidden fields configured with Default value → Custom. Unauthenticated users could submit crafted values that are evaluated as Twig during submission handling, potentially compromising the Craft site. Affected...

Positive Technologies•added 2026/05/29 12:0 a.m.•10 views

PT-2026-44977

Name of the Vulnerable Software and Affected Versions Formie versions prior to 2.2.21 Formie versions prior to 3.1.26 Description Unauthenticated users can modify existing submissions by sending a known or guessed submission ID to the 'formie/submissions/save-submission' endpoint. Recommendations...

EUVD•added 2025/10/03 8:7 p.m.•3 views

Exploits0References11

EUVD-2025-10804

Malicious code in bioql PyPI...

5.4CVSS6.3AI score0.00182EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 8:55 a.m.•6 views

CVE-2024-35191

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or renderi...

4.4CVSS6.9AI score0.00253EPSS

RedhatCVE•added 2025/04/13 2:51 p.m.•12 views

CVE-2025-32426

Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means a delivered email. This would requir...

5.4CVSS6.8AI score0.00182EPSS

RedhatCVE•added 2025/04/13 2:51 p.m.•9 views

CVE-2025-32427

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who hav...

5.4CVSS6.7AI score0.00183EPSS

NVD•added 2025/04/11 2:15 p.m.•14 views

CVE-2025-32426

5.4CVSS0.00182EPSS

NVD•added 2025/04/11 2:15 p.m.•10 views

CVE-2025-32427

5.4CVSS0.00183EPSS