Concrete CMS Security Vulnerability
Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have security vulnerabilities, which stem from IDOR. These vulnerabilities could allow unauthorized attackers to submit restricted survey options through public survey endpoints...
CVE-2026-5395
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...
CVE-2026-5395 Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...
PT-2026-40887
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.2.0 via the exportEntries function due to missing validation on a user controlled key. This mak...
CVE-2026-31245
The issue affects the mem0 1.0.0 server. The memory creation API (POST /memories) lacks authentication and authorization, allowing unauthenticated users to submit arbitrary memory records. This can lead to unauthorized data injection and potential data pollution in the database. Root cause: missi...
EUVD-2024-33439
Malicious code in bioql PyPI...
GHSA-RQ77-P4H8-4CRW gorilla/csrf CSRF vulnerability due to broken Referer validation
Summary: gorilla/csrf is vulnerable to CSRF via form submission from origins that share a top-level domain with the target origin. Details: gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for cross-origin requests only when it...
CVE-2024-10580
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submitform function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submi...
CVE-2024-10580
CVE-2024-10580 concerns the Hustle – Email Marketing, Lead Generation, Optins, Popups WordPress plugin. Affected versions are all up to and including 7.8.5, where a missing capability check on the submit_form() function allows unauthenticated attackers to submit unpublished forms. Connected sourc...
PT-2024-16380 · WordPress · Hustle
Name of the Vulnerable Software and Affected Versions: Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress versions up to and including 7.8.5 Description: The issue is related to unauthorized form submissions due to a missing capability check on the submit form function...
OpenText Service Management Automation X Security Vulnerability
OpenText Service Management Automation X is advanced service management made easy by OpenText USA. Based on embedded machine learning and analytics, it provides a smarter approach to IT Service Management (ITSM), IT Asset Management (ITAM) and Enterprise Service Management (ESM). A security vulnerabili...