
8191 matches found

CVE
added 2024/07/21 7:17 a.m. · 45 views

CVE-2024-37512

CVE-2024-37512 is a Stored XSS in Basix NEX-Forms – Ultimate Form Builder (WordPress plugin) affecting versions up to 8.5.10. The vulnerability stems from improper neutralization of input during web page generation. Public advisories from NVD/Red Hat and CVE records confirm the issue as Stored XS...

CVSS 6.5 · AI score 6.4 · EPSS 0.00296
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/07/21 7:17 a.m. · 25 views

CVE-2024-37512 WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.5.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10...

CVSS 6.5 · EPSS 0.00296
Exploits 0 · References 1

Vulnrichment
added 2024/07/21 7:17 a.m. · 14 views

CVE-2024-37512 WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.5.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10...

CVSS 6.5 · AI score 6.8 · EPSS 0.00296
Exploits 0 · References 1

OSV
added 2024/07/21 2:15 a.m. · 2 views

CVE-2024-6934

A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submissiontype=direct. The manipulation of the argument Form URL leads to cross site scripting. It is possible to initiate the attack...

CVSS 4.8 · AI score 3.8
Exploits 0 · References 4

Positive Technologies
added 2024/07/21 12:0 a.m. · 4 views

PT-2024-27617 · Unknown · Basix Nex-Forms

Name of the Vulnerable Software and Affected Versions: Basix NEX-Forms – Ultimate Form Builder versions through 8.5.10
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS, which can be...

CVSS 6.5 · AI score 6.3 · EPSS 0.00296
Exploits 0 · References 6

Patchstack
added 2024/07/19 12:20 p.m. · 5 views

WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability

Unauthenticated Blind SQL Injection vulnerability discovered by Asif Wani (Patchstack Alliance) in WordPress Plugin FormLift for Infusionsoft Web Forms (versions <= 7.5.17)...

CVSS 9.8 · AI score 8.1 · EPSS 0.02004
Exploits 0 · Affected Software 1

Patchstack
added 2024/07/19 12:0 a.m. · 9 views

WordPress FormLift for Infusionsoft Web Forms Plugin <= 7.5.17 is vulnerable to SQL Injection

Software: FormLift for Infusionsoft Web Forms; Type: Plugin; Vulnerable versions: <= 7.5.17; Fixed in: 7.5.18; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-38773; Patch priority: High; CVSS severity: High (9.3); Developer: Claim ownership; PSID: d19e614d84b5; Credits: Asif Wani; Required...

CVSS 9.8 · AI score 7.2 · EPSS 0.02004
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2024/07/10 6:19 a.m. · 4 views

WordPress Gravity Forms: Multiple Form Instances plugin <= 1.1.1 - Unauthenticated Full Path Disclosure vulnerability

Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Gravity Forms: Multiple Form Instances (versions <= 1.1.1)...

CVSS 5.3 · AI score 7 · EPSS 0.00456
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/07/10 4:15 a.m. · 10 views

CVE-2024-6550

The Gravity Forms: Multiple Form Instances plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.1. This is due to the plugin leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of...

CVSS 5.3 · EPSS 0.00456
Exploits 0 · References 3

Vulnrichment
added 2024/07/10 3:32 a.m. · 16 views

CVE-2024-6550 Gravity Forms: Multiple Form Instances <= 1.1.1 - Unauthenticated Full Path Disclosure

The Gravity Forms: Multiple Form Instances plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.1. This is due to the plugin leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of...

CVSS 5.3 · AI score 6.6 · EPSS 0.00456
Exploits 0 · References 3

Cvelist
added 2024/07/10 3:32 a.m. · 18 views

CVE-2024-6550 Gravity Forms: Multiple Form Instances <= 1.1.1 - Unauthenticated Full Path Disclosure

The Gravity Forms: Multiple Form Instances plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.1. This is due to the plugin leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of...

CVSS 5.3 · EPSS 0.00456
Exploits 0 · References 3

CVE
added 2024/07/10 3:32 a.m. · 46 views

CVE-2024-6550

CVE-2024-6550 refers to Gravity Forms: Multiple Form Instances for WordPress. The connected Red Hat entry confirms a Full Path Disclosure in versions up to 1.1.1 caused by test files with display_errors on, allowing unauthenticated access to the web app path. Impact is Information Exposure (low c...

CVSS 5.3 · AI score 5.5 · EPSS 0.00456
Exploits 0 · References 3

Github Security Blog
added 2024/07/10 12:30 a.m. · 22 views

BookStack Incorrect Access Control vulnerability

Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms...

CVSS 7.5 · AI score 6.8 · EPSS 0.00646
Exploits 0 · References 6 · Affected Software 1

CNNVD
added 2024/07/10 12:0 a.m. · 4 views

WordPress plugin Gravity Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 · AI score 6.5 · EPSS 0.00456
Exploits 0 · References 4

Patchstack
added 2024/07/10 12:0 a.m. · 7 views

WordPress Gravity Forms: Multiple Form Instances Plugin <= 1.1.1 is vulnerable to Full Path Disclosure (FPD)

Software: Gravity Forms: Multiple Form Instances; Type: Plugin; Vulnerable versions: <= 1.1.1; Fixed in: 1.1.2; OWASP Top 10: A5: Security Misconfiguration; Classification: Full Path Disclosure (FPD); CVE: CVE-2024-6550; Patch priority: Low; CVSS severity: Low (5.3); Developer: Claim ownership; PSID: af3116244e6e; Credits...

CVSS 5.3 · AI score 6.6 · EPSS 0.00456
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/07/09 1:15 p.m. · 2 views

CVE-2024-37934

Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1

NVD
added 2024/07/09 1:15 p.m. · 27 views

CVE-2024-37934

Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4...

CVSS 9.8 · EPSS 0.00467
Exploits 0 · References 1

CVE
added 2024/07/09 12:22 p.m. · 67 views

CVE-2024-37934

The CVE-2024-37934 entry concerns the Ninja Forms WordPress plugin. Public sources describe an improper generation of code (code injection) vulnerability that enables Arbitrary Shortcode Execution in Ninja Forms versions up to 3.8.4. Connected Red Hat/Wordfence references corroborate a vulnerabil...

CVSS 9.8 · AI score 7.6 · EPSS 0.00467
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/07/09 12:22 p.m. · 23 views

CVE-2024-37934 WordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4...

CVSS 5.4 · AI score 7.4 · EPSS 0.00467
Exploits 0 · References 1

Cvelist
added 2024/07/09 12:22 p.m. · 22 views

CVE-2024-37934 WordPress Ninja Forms plugin <= 3.8.4 - Subscriber+ Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Saturday Drive Ninja Forms allows Code Injection. This issue affects Ninja Forms: from n/a through 3.8.4...

CVSS 5.4 · EPSS 0.00467
Exploits 0 · References 1