Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-form vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-35205
The WPS Office (aka cn.wps.moffice_eng) application prior to 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a craf...
NA
CVE-2024-34706
Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token (JWT) of the user is exposed to `api.form.io` via the the `x-jwt-token` header. An attacker can retrieve personal information from this token, or use it to ex...
NA
CVE-2024-1522
A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote malicious users to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enab...
NA
CVE-2024-2108
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an image title embedded into a form in all versions up to, and including, 3.8.0 due to insufficient input sanitization and outpu...
NA
CVE-2023-37531
A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an malicious user to execute malicious javascript code into a form field of a webpage by a user with privileged access.
NA
CVE-2015-6965
Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) dele...
Creative-solutions Contact Form Generator
1 EDB exploit
NA
CVE-2015-6732
Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote malicious users to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) "Template label (optional)" field in a form,...
Semanticforms Project Semanticforms -
NA
CVE-2015-5493
The Entityform Block module 7.x-1.x prior to 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote malicious users to obtain access to certain entityforms via unspecified vectors.
Entityform Block Project Entityform Block 7.x-1.2
Entityform Block Project Entityform Block 7.x-1.1
Entityform Block Project Entityform Block 7.x-1.x-dev
Entityform Block Project Entityform Block 7.x-1.0
NA
CVE-2015-1840
jquery_ujs.js in jquery-rails prior to 3.1.3 and 4.x prior to 4.0.4 and rails.js in jquery-ujs prior to 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote malicious users to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web...
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Rubyonrails Jquery-rails 4.0.0
Rubyonrails Jquery-rails
Rubyonrails Jquery-rails 4.0.1
Rubyonrails Jquery-ujs
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
NA
CVE-2011-1795
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome prior to 11.0.696.65 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via...
Google Chrome
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »