That “job brief” on Google Forms could infect your device

We've identified a campaign using business-related lures, such as job interviews, project briefs, and financial document, to distribute malware, including the PureHVNC Remote Access Trojan RAT. It's not the malware that's new, but how the attack starts. Instead of the usual phishing email or fake...

CVE-2026-33035

WWBN AVideo is an open source video platform. In versions 25.0 and below, there is a reflected XSS vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser. User input from a URL parameter flows through PHP's jsonencode into a JavaScript function...

CVE-2026-33035

WWBN AVideo is an open source video platform. In versions 25.0 and below, there is a reflected XSS vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser. User input from a URL parameter flows through PHP's jsonencode into a JavaScript function...

VulnCheck KEV: CVE-2026-3584

The Kali Forms plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.9 via the 'formprocess' function. This is due to the 'preparepostdata' function mapping user-supplied keys directly into internal placeholder storage, combined with the use of...

PT-2026-26682

Name of the Vulnerable Software and Affected Versions Kali Forms versions prior to 2.4.9 Description The Kali Forms plugin for WordPress is susceptible to Remote Code Execution in versions up to and including 2.4.9. This is due to the prepare post data function mapping user-supplied keys directly...

WordPress plugin Kali Forms 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2026-33321

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...

CVE-2026-33301

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...

CVE-2026-33321

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...

CVE-2026-33321 OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An Out-of-Band Server-Side...

CVE-2026-33301 OpenEMR has arbitrary image file read via PDF generator

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...

CVE-2026-33301

OpenEMR (before version 8.0.0.2) is affected by an arbitrary image file read via the PDF generator. The vulnerability arises in the PDF creation function where form answers are parsed as unescaped HTML, enabling an attacker with the Notes - my encounters role to cause the generated PDF to include...

EUVD-2026-13091

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPEverest Everest Forms Pro allows Stored XSS.This issue affects Everest Forms Pro: from n/a through 1.9.10...

CVE-2026-27070

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPEverest Everest Forms Pro allows Stored XSS.This issue affects Everest Forms Pro: from n/a through 1.9.10...

CVE-2026-27070 WordPress Everest Forms Pro plugin <= 1.9.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPEverest Everest Forms Pro allows Stored XSS.This issue affects Everest Forms Pro: from n/a through 1.9.10...

CVE-2026-27070

CVE-2026-27070 is a stored XSS vulnerability in the WordPress plugin Everest Forms Pro (affected: Everest Forms Pro

CVE-2026-27070 WordPress Everest Forms Pro plugin <= 1.9.10 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPEverest Everest Forms Pro allows Stored XSS.This issue affects Everest Forms Pro: from n/a through 1.9.10...

CVE-2026-27070

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPEverest Everest Forms Pro allows Stored XSS.This issue affects Everest Forms Pro: from n/a through 1.9.10...

PT-2026-26281

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPEverest Everest Forms Pro allows Stored XSS.This issue affects Everest Forms Pro: from n/a through 1.9.10...

WordPress plugin Everest Forms Pro 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...