8086 matches found
CVE-2016-20054
CVE-2016-20054 concerns Nodcms and a cross-site request forgery (CSRF) vulnerability that enables unauthorized administrative actions via crafted forms. The issue allows tricking authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints t...
CVE-2016-20051 Snews CMS 1.7 Cross-Site Request Forgery via changeup
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...
CVE-2016-20051
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...
PT-2026-30379
Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user manipulate and admin/settings/generall endpoints to...
PT-2026-30349
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST...
PT-2026-33154
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.101 Description A use after free issue in Forms allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that occurs...
GHSA-RF75-G96H-J3RM Duplicate Advisory: OpenClaw's complex interpreter pipelines could skip exec script preflight validation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fvx6-pj3r-5q4q. This link is maintained to preserve external references. Original Description OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protecti...
PT-2026-29868
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to commit 8aceaf5 Description OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass in shell-bleed protection. This allows attackers to execute blocked script content by using piped or complex...
CVE-2026-3300
The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...
EUVD-2026-17763
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
CVE-2026-3831
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
CVE-2026-3831
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
CVE-2026-3831 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the entriesshortcode function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with...
Important: python-tornado
Issue Overview: Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates...
WordPress plugin Database for Contact Form 7, WPforms, Elementor forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
CVE-2026-34396 AVideo: Stored XSS via Unescaped Plugin Configuration Values in Admin Panel
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without applying htmlspecialchars or any other output encoding. The jsonToFormElements function in admin/functions.php directly interpolates...
CVE-2026-34396 AVideo: Stored XSS via Unescaped Plugin Configuration Values in Admin Panel
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without applying htmlspecialchars or any other output encoding. The jsonToFormElements function in admin/functions.php directly interpolates...
WordPress Everest Forms Pro plugin <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field vulnerability
Unauthenticated Remote Code Execution via Calculation Field vulnerability discovered by hoshino in WordPress Plugin Everest Forms Pro versions = 1.9.12...
EUVD-2026-17275
The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...
CVE-2026-3300
The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...