WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin PDF for Elementor Forms + Drag And Drop Template Builder versions = 6.5.0...

CVE-2025-49399

Cross-Site Request Forgery CSRF vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through = 9.1.3...

CVE-2025-8450

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

CVE-2025-46849

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-46936

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin NEX-Forms versions = 9.1.3...

CVE-2025-49399

Cross-Site Request Forgery CSRF vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through = 9.1.3...

CVE-2025-49399

CVE-2025-49399 is a CSRF vulnerability in the WordPress plugin “NEX-Forms – Ultimate Forms Plugin” (NEX-Forms Express WP Form Builder) affecting versions up to 9.1.3. The provided data indicate an attacker could induce CSRF, with CVSS v3.1 metrics showing a base score of 8.8 (High) and network at...

CVE-2025-49399 WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through = 9.1.3...

CVE-2025-49399 WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Basix NEX-Forms allows Cross Site Request Forgery. This issue affects NEX-Forms: from n/a through 9.1.3...

PT-2025-33940 · Basix · Basix Nex-Forms

Name of the Vulnerable Software and Affected Versions: Basix NEX-Forms versions through 9.1.3 Description: A Cross-Site Request Forgery CSRF vulnerability exists in Basix NEX-Forms, allowing attackers to perform actions on behalf of an authenticated user without their knowledge. This vulnerabilit...

WordPress plugin NEX-Forms 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-8450

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

CVE-2025-8450

The CVE-2025-8450 entry concerns Fortra FileCatalyst Workflow. The vulnerability arises from an Improper Access Control issue in the Workflow component that allows unauthenticated users to upload arbitrary files via the order forms page. Documents consistently identify this as an unrestricted fil...

CVE-2025-8450 Unrestricted File Upload in FileCatalyst

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

CVE-2025-8450 Unrestricted File Upload in FileCatalyst

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

Malicious code in @cf.cplace.platform/forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7be4ed03fbd3f41262f582eab6a80ae6e67fe611301ef8cf9558555a0add3af9 The OpenSSF Package Analysis project identified '@cf.cplace.platform/forms' @ 9.1.99 npm as malicious. It is considered malicious because: - The...

MAL-2025-41245 Malicious code in @cf.cplace.platform/forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7be4ed03fbd3f41262f582eab6a80ae6e67fe611301ef8cf9558555a0add3af9 The OpenSSF Package Analysis project identified '@cf.cplace.platform/forms' @ 9.1.99 npm as malicious. It is considered malicious because: - The...

PT-2025-33838 · Fortra · Fortra Filecatalyst

Name of the Vulnerable Software and Affected Versions: Fortra FileCatalyst versions affected versions not specified Description: An improper access control issue exists in the Workflow component of Fortra FileCatalyst. This allows unauthenticated users to upload arbitrary files via the order form...

Linux Distros Unpatched Vulnerability : CVE-2022-22728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a reque...