CVE-2025-70899

PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery CSRF protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage...

CVE-2025-70899

PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery CSRF protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage...

CVE-2025-70899

PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery CSRF protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage...

CVE-2025-70899

CVE-2025-70899 affects PHPgurukul Online Course Registration v3.1, where all administrative forms lack CSRF protection. The root cause is missing CSRF safeguards, enabling an attacker to perform unauthorized actions on behalf of authenticated admins by luring them to a malicious page. This yields...

PT-2026-4200

Name of the Vulnerable Software and Affected Versions PHPgurukul Online Course Registration version 3.1 Description The application lacks Cross-Site Request Forgery CSRF protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators ...

PHPGurukul Online Course Registration Security Vulnerabilities

PHPGurukul Online Course Registration is an online course registration system provided by PHPGurukul Corporation. Version 3.1 of PHPGurukul Online Course Registration contains a security vulnerability. This vulnerability stems from the lack of cross-site request forgery protection in all manageme...

Malicious Package

Overview forms-new-design is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MiracleLinux 9 : dotnet6.0-6.0.125-1.el9_3.ML.1 (AXSA:2023-7090:29)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7090:29 advisory. dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass Vulnerability in...

MiracleLinux 8 : dotnet7.0-7.0.114-1.el8.ML.1 (AXSA:2024-7360:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7360:01 advisory. dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass Vulnerability in...

MiracleLinux 8 : dotnet6.0-6.0.125-1.el8.ML.1 (AXSA:2024-7361:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7361:01 advisory. dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass Vulnerability in...

WordPress WP Forms Signature Contract Add-On plugin <= 1.8.2 - Broken Access Control to Notice Dismissal vulnerability

Broken Access Control to Notice Dismissal vulnerability discovered by Nabil Irawan in WordPress Plugin WP Forms Signature Contract Add-On versions = 1.8.2...

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

Malicious code in forms-new-design (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cf1f5f8d78c6e26b45ef4a895859922f68ff7afb558284111a34f497681b324 The package forms-new-design was found to contain malicious code. Source: ghsa-malware 45f98af63ec853b571da818f8d974890156b0fd52c9c2ab3fa74a4e213ff3f...

EUVD-2026-3100

Malicious code in forms-new-design npm...

MAL-2026-286 Malicious code in forms-new-design (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cf1f5f8d78c6e26b45ef4a895859922f68ff7afb558284111a34f497681b324 The package forms-new-design was found to contain malicious code. Source: ghsa-malware 45f98af63ec853b571da818f8d974890156b0fd52c9c2ab3fa74a4e213ff3f...

CVE-2025-68924

CVE-2025-68924 affects UmbracoForms up to version 8.13.16. An authenticated attacker can specify a malicious WSDL URL as a Webservice data source, enabling remote code execution via dynamic SOAP client generation. The root cause is untrusted WSDL processing in the Webservice data source. Impact i...

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

PT-2026-3273

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

Umbraco Forms security vulnerabilities

Umbraco Forms is a form-building tool developed by the Umbraco company. Umbraco Forms versions 8.13.16 and earlier contained security vulnerabilities. These vulnerabilities stemmed from authenticated attackers being able to provide malicious WSDL URLs as data sources, potentially leading to remot...