a-form vulnerabilities and exploits
9.8
CVSSv3
CVE-2021-38145
An issue exists in Form Tools up to and including 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/export_manager/export.php?export_group_id=1&export_group_1_resul...
Formtools Core
9.8
CVSSv3
CVE-2021-24223
The N5 Upload Form WordPress plugin up to and including 1.0 suffers from an arbitrary file upload issue in the page where a form from the plugin is embedded, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), howeve...
9.8
CVSSv3
CVE-2018-8850
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing a malicious user to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended...
Philips E-alert Firmware
9.8
CVSSv3
CVE-2018-11325
An issue exists in Joomla! Core prior to 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.
Joomla Joomla!
8.8
CVSSv3
CVE-2024-24819
icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This i...
Icinga Icingaweb2-module-incubator
8.8
CVSSv3
CVE-2023-48292
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows a malicious user to execute ar...
Xwiki Admin Tools
8.8
CVSSv3
CVE-2020-2200
Jenkins Play Framework Plugin 1.0.2 and previous versions lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins maste...
Jenkins Play Framework
8.8
CVSSv3
CVE-2020-12257
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user).
Rconfig Rconfig 3.9.4
8.8
CVSSv3
CVE-2019-11764
Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerabili...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
Canonical Ubuntu Linux 16.04
8.8
CVSSv3
CVE-2019-11757
When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, ...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
Canonical Ubuntu Linux 16.04