Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-form vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2021-24705
The NEX-Forms WordPress plugin prior to 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow malicious users to make a logged in admin edit arbitrary fo...
Basixonline Nex-forms
5.3
CVSSv3
CVE-2023-0085
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthen...
Wpmet Metform Elementor Contact Form Builder
NA
CVE-2008-7049
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote malicious users to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due t...
Natterchat Natterchat 1.12
Natterchat Natterchat 1.1
2 EDB exploits
NA
CVE-2001-1326
Eudora 5.1 allows remote malicious users to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker...
Qualcomm Eudora 5.1
1 EDB exploit
NA
CVE-2010-1399
WebKit in Apple Safari prior to 5.0 on Mac OS X 10.5 up to and including 10.6 and Windows, and prior to 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote malicious users to execute arbitrary code or cause a ...
Apple Safari 4.0.1
Apple Safari 4.0.0b
Apple Safari 4.0.3
Apple Safari 4.0.2
Apple Webkit
Apple Safari
Apple Safari 4.0
Apple Safari 4.0.4
5.4
CVSSv3
CVE-2023-38694
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, ...
Umbraco Umbraco Cms
7.5
CVSSv3
CVE-2016-9838
An issue exists in components/com_users/models/registration.php in Joomla! prior to 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group m...
Joomla Joomla\\!
1 EDB exploit
1 Github repository
6.5
CVSSv3
CVE-2023-4052
The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbo...
Mozilla Firefox
Mozilla Firefox Esr
5.4
CVSSv3
CVE-2021-24168
The Easy Contact Form Pro WordPress plugin prior to 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium pr...
Easy Contact Form Pro Project Easy Contact Form Pro
9.8
CVSSv3
CVE-2021-24223
The N5 Upload Form WordPress plugin up to and including 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), howeve...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »