8131 matches found
CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
CVE-2026-1056
The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generateuserdirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...
CVE-2020-37007
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting...
CVE-2020-37007 Liman 0.7 - Cross-Site Request Forgery (Change Password)
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting...
CVE-2020-37007 Liman 0.7 - Cross-Site Request Forgery (Change Password)
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting...
CVE-2020-37007
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting...
CVE-2026-1244
The Forms Bridge – Infinite integrations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in the 'financoopcampaign' shortcode in all versions up to, and including, 4.2.5. This is due to insufficient input sanitization and output escaping on the...
PT-2026-5347
Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...
Umbraco Forms path traversal vulnerability
Umbraco Forms is a form-building tool developed by the Umbraco company. Versions 16 and 17 of Umbraco Forms contain a path traversal vulnerability. This vulnerability allows authenticated backend users to enumerate and traverse system file paths, potentially leading to the reading of file content...
PT-2026-5282
Name of the Vulnerable Software and Affected Versions Liman version 0.7 Description The software contains a cross-site request forgery issue that allows attackers to manipulate user account settings without proper request validation. Attackers can create malicious HTML forms to change user...
AZL-75695 CVE-2025-61726 affecting package golang for versions less than 1.24.12-1
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
CVE-2025-61726
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
AZL-78925 CVE-2025-61726 affecting package golang 1.25.7-1
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
UBUNTU-CVE-2025-61726
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
CVE-2025-61726
CVE-2025-61726 is tied to Go's net/http ParseForm memory consumption when processing URL query forms. Connected documentation confirms impact on msft-golang packages for versions
CVE-2025-61726
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
GO-2026-4341 Memory exhaustion in query parameter parsing in net/url
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containi...
Exploit for CVE-2026-1056
CVE-2026-1056-POC Snow Monkey Forms - Unauthenticated Arbitr...
CVE-2026-1056
The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generateuserdirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...
CVE-2026-1056
Summary: CVE-2026-1056 affects the Snow Monkey Forms WordPress plugin. The vulnerability is caused by insufficient file path validation in the PHP function that generates a user directory path, specifically in Directory::generate_user_dirpath, which concatenates an unvalidated form_id onto a toke...