Lucene search

8133 matches found

Patchstack
added 2026/01/19 4:34 a.m., 3 views

WordPress WP Forms Signature Contract Add-On plugin <= 1.8.2 - Broken Access Control to Notice Dismissal vulnerability

Broken Access Control to Notice Dismissal vulnerability discovered by Nabil Irawan in WordPress Plugin WP Forms Signature Contract Add-On versions <= 1.8.2...

CVSS 4.3, AI score 5.3, EPSS 0.00048
Exploits 0, Affected Software 1

OSV
added 2026/01/16 7:16 p.m., 3 views

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

CVSS 7.5, AI score 6
Exploits 0, References 3

NVD
added 2026/01/16 7:16 p.m., 3 views

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

CVSS 7.5, EPSS 0.00121
Exploits 0, References 3

EUVD
added 2026/01/16 12:10 a.m., 3 views

EUVD-2026-3100

Malicious code in forms-new-design npm...

AI score 6.6
Exploits 0

OSV
added 2026/01/16 12:10 a.m., 2 views

MAL-2026-286 Malicious code in forms-new-design (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cf1f5f8d78c6e26b45ef4a895859922f68ff7afb558284111a34f497681b324 The package forms-new-design was found to contain malicious code. Source: ghsa-malware 45f98af63ec853b571da818f8d974890156b0fd52c9c2ab3fa74a4e213ff3f...

AI score 5.5
Exploits 0, References 1

OSSF Malicious Packages
added 2026/01/16 12:10 a.m., 4 views

Malicious code in forms-new-design (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cf1f5f8d78c6e26b45ef4a895859922f68ff7afb558284111a34f497681b324 The package forms-new-design was found to contain malicious code. Source: ghsa-malware 45f98af63ec853b571da818f8d974890156b0fd52c9c2ab3fa74a4e213ff3f...

AI score 5.5
Exploits 0, References 1

CNNVD
added 2026/01/16 12:0 a.m., 3 views

Umbraco Forms security vulnerabilities

Umbraco Forms is a form-building tool developed by the Umbraco company. Umbraco Forms versions 8.13.16 and earlier contained security vulnerabilities. These vulnerabilities stemmed from authenticated attackers being able to provide malicious WSDL URLs as data sources, potentially leading to remot...

CVSS 7.5, AI score 6.2, EPSS 0.00121
Exploits 0, References 3

Vulnrichment
added 2026/01/16 12:0 a.m., 3 views

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

CVSS 7.5, AI score 7.6, EPSS 0.00121
Exploits 0, References 3

CVE
added 2026/01/16 12:0 a.m., 6 views

CVE-2025-68924

CVE-2025-68924 affects UmbracoForms up to version 8.13.16. An authenticated attacker can specify a malicious WSDL URL as a Webservice data source, enabling remote code execution via dynamic SOAP client generation. The root cause is untrusted WSDL processing in the Webservice data source. Impact i...

CVSS 7.5, AI score 7.6, EPSS 0.00121
Exploits 0, References 3, Affected Software 1

Positive Technologies
added 2026/01/16 12:0 a.m., 2 views

PT-2026-3273

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

CVSS 7.5, AI score 8, EPSS 0.00121
Exploits 0, References 4

Cvelist
added 2026/01/15 6:37 p.m., 20 views

CVE-2026-22803 SvelteKit has a memory amplification DoS in Remote Functions binary form deserializer

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-crafted payload can cause the server to allocate...

CVSS 8.2, EPSS 0.00023
Exploits 0, References 3

RedhatCVE
added 2026/01/13 10:54 p.m., 3 views

CVE-2025-14803

The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscribers to perform Stored Cross-Site Scripting...

CVSS 6.8, AI score 6.1, EPSS 0.00028
Exploits 0, References 1

OSV
added 2026/01/13 7:54 p.m., 2 views

GHSA-VRGW-PC9C-QRRC UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation

Impact: Within Umbraco Forms, configuring a malicious URL on the Webservice data source can result in Remote Code Execution. This affects all Umbraco Forms versions running on .NET Framework up to and including version 8. Patches: The affected Umbraco Forms versions are all End-of-Life (EOL) and not...

CVSS 9.9, AI score 7.2, EPSS 0.00121
Exploits 0, References 6

Github Security Blog
added 2026/01/13 7:54 p.m., 9 views

UmbracoForms Vulnerable to Remote Code Execution via Untrusted WSDL Compilation in Dynamic SOAP Client Generation

Impact: Within Umbraco Forms, configuring a malicious URL on the Webservice data source can result in Remote Code Execution. This affects all Umbraco Forms versions running on .NET Framework up to and including version 8. Patches: The affected Umbraco Forms versions are all End-of-Life (EOL) and not...

CVSS 7.5, AI score 7.3, EPSS 0.00121
Exploits 0, References 5, Affected Software 1

EUVD
added 2026/01/13 3:28 p.m., 2 views

EUVD-2026-2325

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices. get_meter_levels_from_urb parses the 64-byte meter packets sent by the device and fills the per-channel arrays meter_level, comp_level and master_level in struct...

AI score 5.8, EPSS 0.00044
Exploits 0, References 6

Positive Technologies
added 2026/01/13 12:0 a.m., 3 views

PT-2026-2357

Name of the Vulnerable Software and Affected Versions: WPForms version 1.7.8. Description: The software contains a cross-site scripting issue in the slider import search feature and tab parameter. An attacker can inject malicious scripts through the /ListTable.php endpoint to execute arbitrary...

CVSS 6.1, AI score 6, EPSS 0.00037
Exploits 1, References 5

Patchstack
added 2026/01/12 10:36 a.m., 12 views

WordPress Nex-Forms Express WP Form Builder plugin < 9.1.8 - Authenticated Stored XSS vulnerability

Authenticated Stored XSS vulnerability discovered by Vuln Seeker Cyber Security Team in WordPress Plugin NEX-Forms versions < 9.1.8...

CVSS 6.8, AI score 6.1, EPSS 0.00028
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2026/01/10 5:41 a.m., 1 views

CVE-2026-0674

Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Campaign Monitor for WordPress: from n/a through 2.9.1...

CVSS 4.3, AI score 5.8, EPSS 0.0001
Exploits 0, References 1

CVE
added 2026/01/10 3:14 a.m., 8 views

CVE-2025-61676

CVE-2025-61676 affects October CMS prior to 3.7.13 and 4.0.12, where a stored XSS in the backend configuration form (Branding & Appearance → Styles) could be injected by users with Customize Backend Styles permission. A crafted input in the stylesheet field could break out of the context, enabli...

CVSS 6.1, AI score 5.7, EPSS 0.00026
Exploits 0, References 1, Affected Software 1

CNNVD
added 2026/01/10 12:0 a.m., 1 views

October CMS cross-site scripting vulnerability

October CMS is an open source content management system (CMS) from October CMS based on PHP and the Laravel web application framework. A cross-site scripting vulnerability exists in October CMS versions prior to 3.7.13 and prior to 4.0.12, which stems from insufficient cleanup and escaping in...

CVSS 6.1, AI score 5.9, EPSS 0.00026
Exploits 0, References 2