Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8086 matches found

Cvelist
Cvelistadded 2026/03/06 11:4 a.m.30 views

CVE-2026-1468 Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will automatically send a POST request with victim's privileges. This software does not implement any protection against this type of attack. Al...

5.1CVSS0.00009EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/03/06 7:52 a.m.3 views

CVE-2026-2899

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...

6.5CVSS5.9AI score0.00163EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/06 7:52 a.m.2 views

CVE-2026-2365

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

7.2CVSS5.9AI score0.00206EPSS
Exploits0References1
Snyk
Snykadded 2026/03/06 7:14 a.m.2 views

Malicious Package

Overview ui-forms-embed-components-reporting is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8CVSS5.4AI score
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/03/06 2:54 a.m.4 views

CVE-2026-29046

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...

9.2CVSS6AI score0.0028EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2026/03/06 2:54 a.m.31 views

CVE-2026-29046 TinyWeb: HTTP Header Control Character Injection into CGI Environment

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...

9.2CVSS0.0028EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/03/06 12:0 a.m.2 views

PT-2026-23669

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will automatically send a POST request with victim's privileges. This software does not implement any protection against this type of attack. Al...

5.1CVSS5.8AI score0.00009EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/03/05 1:40 p.m.1 views

CVE-2026-1674

The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization within the savegutenaformsschema function in all versions up to, and including, 1.6.0. This makes...

6.5CVSS5.8AI score0.00013EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/03/05 9:6 a.m.5 views

WordPress Fluent Forms Pro plugin <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission vulnerability

Unauthenticated Stored Cross-Site Scripting via Draft Form Submission vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.17...

7.2CVSS5.9AI score0.00206EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2026/03/05 7:30 a.m.3 views

WordPress Fluent Forms Pro Add On Pack plugin <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.17...

6.5CVSS5.9AI score0.00163EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2026/03/05 6:30 a.m.2 views

EUVD-2026-9526

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...

6.5CVSS6.1AI score0.00163EPSS
Exploits0References3
EUVD
EUVDadded 2026/03/05 6:30 a.m.3 views

EUVD-2026-9524

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

7.2CVSS6AI score0.00206EPSS
Exploits0References4
NVD
NVDadded 2026/03/05 4:15 a.m.1 views

CVE-2026-2899

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...

6.5CVSS0.00163EPSS
Exploits0References2
NVD
NVDadded 2026/03/05 4:15 a.m.2 views

CVE-2026-2365

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

7.2CVSS0.00206EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/03/05 3:23 a.m.25 views

CVE-2026-2899 Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...

6.5CVSS0.00163EPSS
Exploits0References2
CVE
CVEadded 2026/03/05 3:23 a.m.12 views

CVE-2026-2899

CVE-2026-2899 affects the Fluent Forms Pro Add On Pack for WordPress up to version 6.1.17. The root cause is Missing Authorization in the Uploader::deleteFile() path, due to lack of nonce verification and capability checks. The AJAX action is registered via addPublicAjaxAction(), creating both wp...

6.5CVSS6.1AI score0.00163EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/03/05 3:23 a.m.1 views

CVE-2026-2899 Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...

6.5CVSS6.1AI score0.00163EPSS
Exploits0References2
CVE
CVEadded 2026/03/05 3:23 a.m.7 views

CVE-2026-2365

CVE-2026-2365 affects the Fluent Forms Pro WordPress plugin (versions up to and including 6.1.17). The vulnerability is Stored Cross-Site Scripting via the fluentform_step_form_save_data AJAX action, arising from a publicly accessible draft form submission endpoint without authentication or nonce...

7.2CVSS6AI score0.00206EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/03/05 3:23 a.m.2 views

CVE-2026-2365 Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

7.2CVSS6AI score0.00206EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/03/05 3:23 a.m.26 views

CVE-2026-2365 Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

7.2CVSS0.00206EPSS
Exploits0References3
Rows per page
Query Builder