CVE-2026-2899

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the deleteFile method in the Uploader class lacking nonce verification and capability checks. The AJAX action is registered via...

WordPress plugin Fluent Forms Pro Add On Pack 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2024-37893 MFA bypass in oauth flow in Firefly III

Firefly III is a free and open source personal finance manager. In affected versions an MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to Firefly III data using passwords stolen from...

Palo Alto PAN-OS Cross-Site Scripting Vulnerability

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting XSS attack. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...