instagrapi: Unsafe signup challenge path handling in instagrapi

instagrapi versions before 2.6.9 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intende...

CVE-2026-8692

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

CVE-2026-8692

The CVE covers the Vedrixa Forms – WordPress plugin (versions up to 1.1.1). The issue is an authorization bypass in the AJAX handler (wefb_save_form_structure), allowing authenticated users with subscriber-level access and above to arbitrarily modify form structure by writing attacker-controlled ...

EUVD-2026-31414

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

CVE-2026-8692 Vedrixa Forms <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification via wefb_save_form_structure AJAX Action

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

CVE-2026-8692 Vedrixa Forms <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification via wefb_save_form_structure AJAX Action

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

EUVD-2026-31401

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

WordPress plugin Vedrixa Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-42739

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it...

WordPress Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Form Structure Modification vulnerability discovered by Thanh Toan Bui in WordPress Plugin Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder versions = 1.1.1...

WordPress Piotnet Forms plugin <= 2.1.40 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 - EnvoraSec in WordPress Plugin Piotnet Forms versions = 2.1.40...

PT-2026-42698

Summary When an application using Pydantic AI opts a URL into force download='allow-local' which disables the default block on private/internal IPs, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form IPv4-mapped IPv6, 6to4, or NAT64. Dual-stack a...

CVE-2026-9144 Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

CVE-2026-45443

Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 5.5.1...

CVE-2026-45443

Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 5.5.1...

CVE-2026-45443

CVE-2026-45443 affects the WordPress plugin PDF for Elementor Forms + Drag And Drop Template Builder (versions

CVE-2026-45443 WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 5.5.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 5.5.1...

EUVD-2026-31096

Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Drag And Drop Template Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through 5.5.1...

WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 5.5.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Tran Tuan Dung domiee13 in WordPress Plugin PDF for Elementor Forms + Drag And Drop Template Builder versions = 5.5.1...

Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds

A new study finds AI companies, defense firms, and dating apps are among 38 data collectors allegedly using manipulative design to confuse users while collecting their data...