CVE-2025-43762

CVE-2025-43762 affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–2025.Q1.1 (also 2024 Qx releases), where forms upload allows an unlimited number of files to be stored in document_library, enabling a potential DDoS. Concrete details available: vulnerable components include form upl...

CVE-2025-43762

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allow users to upload an unlimited amount of files through the...

CVE-2025-46962

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin PDF for Elementor Forms + Drag And Drop Template Builder versions = 6.5.0...

CVE-2025-49399

Cross-Site Request Forgery CSRF vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through = 9.1.3...

CVE-2025-8450

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

CVE-2025-46936

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-46849

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin NEX-Forms versions = 9.1.3...

CVE-2025-49399

Cross-Site Request Forgery CSRF vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through = 9.1.3...

CVE-2025-49399 WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Cross Site Request Forgery.This issue affects NEX-Forms: from n/a through = 9.1.3...

CVE-2025-49399 WordPress NEX-Forms Plugin <= 9.1.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Basix NEX-Forms allows Cross Site Request Forgery. This issue affects NEX-Forms: from n/a through 9.1.3...

CVE-2025-49399

CVE-2025-49399 is a CSRF vulnerability in the WordPress plugin “NEX-Forms – Ultimate Forms Plugin” (NEX-Forms Express WP Form Builder) affecting versions up to 9.1.3. The provided data indicate an attacker could induce CSRF, with CVSS v3.1 metrics showing a base score of 8.8 (High) and network at...

PT-2025-33940 · Basix · Basix Nex-Forms

Name of the Vulnerable Software and Affected Versions: Basix NEX-Forms versions through 9.1.3 Description: A Cross-Site Request Forgery CSRF vulnerability exists in Basix NEX-Forms, allowing attackers to perform actions on behalf of an authenticated user without their knowledge. This vulnerabilit...

WordPress plugin NEX-Forms 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2025-8450

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

CVE-2025-8450

The CVE-2025-8450 entry concerns Fortra FileCatalyst Workflow. The vulnerability arises from an Improper Access Control issue in the Workflow component that allows unauthenticated users to upload arbitrary files via the order forms page. Documents consistently identify this as an unrestricted fil...

CVE-2025-8450 Unrestricted File Upload in FileCatalyst

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

CVE-2025-8450 Unrestricted File Upload in FileCatalyst

Improper Access Control issue in the Workflow component of Fortra's FileCatalyst allows unauthenticated users to upload arbitrary files via the order forms page...

Malicious code in @cf.cplace.platform/forms (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7be4ed03fbd3f41262f582eab6a80ae6e67fe611301ef8cf9558555a0add3af9 The OpenSSF Package Analysis project identified '@cf.cplace.platform/forms' @ 9.1.99 npm as malicious. It is considered malicious because: - The...