8068 matches found
CVE-2026-5939
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...
CVE-2026-5939
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...
EUVD-2026-25825
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...
GHSA-5M6W-WVH7-57VM Traefik: Pre-authentication decision bypass due to forwarded alias spoofing
Summary There is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only canonical header names e.g., X-Forwarded-Proto and does not strip or normalize alias variants that...
WordPress plugin HubSpot All-In-One Marketing - Forms, Popups, Live Chat 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
MAL-2026-3003 Malicious code in @amsterdam-local/forms-component-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 291b91d9d855e239db33d7709fe9a88228eee0a166ce7312b5fb7f55f57dc488 The package @amsterdam-local/forms-component-library was found to contain malicious code. Source: ghsa-malware...
CVE-2026-35373
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms e.g., ln SOURCE... DIRECTORY. While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
EUVD-2026-23941
The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled oldfiles data from public form submissions as legitimate server-side upload state, and converting...
CVE-2026-5478
The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled oldfiles data from public form submissions as legitimate server-side upload state, and converting...
CVE-2026-5478 Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter
The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled oldfiles data from public form submissions as legitimate server-side upload state, and converting...
CVE-2026-5478
The Everest Forms WordPress plugin (versions up to and including 3.4.4) is vulnerable to Arbitrary File Read and Deletion via the old_files field. The root cause is trusting attacker-controlled data from public form submissions as legitimate server-side upload state and converting attacker-suppli...
CVE-2026-5478
The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled oldfiles data from public form submissions as legitimate server-side upload state, and converting...
CVE-2026-5478 Everest Forms <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion via Upload Field 'old_files' Parameter
The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled oldfiles data from public form submissions as legitimate server-side upload state, and converting...
WordPress Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin <= 3.4.4 - Unauthenticated Arbitrary File Read and Deletion vulnerability
Unauthenticated Arbitrary File Read and Deletion vulnerability discovered by ll in WordPress Plugin Everest Forms versions = 3.4.4...
PT-2026-33768
The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled old files data from public form submissions as legitimate server-side upload state, and converting...
WordPress plugin Everest Forms 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
📄 WordPress Kali Forms 2.4.9 Remote Code Execution
WordPress Kali Forms plugin version 2.4.9 suffers from a remote code execution vulnerability. ================================================================================================================================== | Title : WordPress Kali Forms 2.4.9 Remote Code Execution Assessment | ...
Fedora 43 : chromium (2026-d3c82235d4)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d3c82235d4 advisory. Update to 147.0.7727.101 Critical CVE-2026-6296: Heap buffer overflow in ANGLE Critical CVE-2026-6297: Use after free in Proxy Critical CVE-2026-629...
Chromium: CVE-2026-6316 Use after free in Forms
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin <= 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability
WordPress Fluent Forms - Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin = 6.1.21 - Insecure Direct Object Reference in Stripe SCA Confirmation to Unauthenticated Payment Status Modification vulnerability discovered by Prickly Cactus in WordPress Plugin FluentForm...