Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-form vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2018-11041
Cloud Foundry UAA, versions later than 4.6.0 and before 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, all...
Pivotal Software Cloud Foundry Uaa-release
Pivotal Software Cloud Foundry Uaa
7.5
CVSSv2
CVE-2004-1104
Microsoft Internet Explorer 6.0 SP2 allows remote malicious users to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href&q...
Microsoft Ie 6.0
1 EDB exploit
4
CVSSv2
CVE-2006-0799
Microsoft Internet Explorer allows remote malicious users to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT subm...
Microsoft Internet Explorer 6.0.2900
4
CVSSv2
CVE-2022-32154
Dashboards in Splunk Enterprise versions prior to 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to ...
Splunk Splunk
Splunk Splunk Cloud Platform
3.6
CVSSv2
CVE-2017-7761
The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted b...
Mozilla Firefox
Mozilla Firefox Esr
NA
CVE-2024-2108
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and outpu...
NA
CVE-2024-0710
The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated malicious users to tamper with the generation of a unique ID on a fo...
1 Github repository
NA
CVE-2022-0851
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the proce...
Convert2rhel Project Convert2rhel -
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
9.3
CVSSv2
CVE-2009-1598
Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote malicious users to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document...
Google Chrome -
9.3
CVSSv2
CVE-2009-1599
Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote malicious users to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object,...
Opera Opera Browser
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »