threat
engine
.sh
Back
·
··:··
Home
/
Product
/
formtools core
Product
formtools core
13 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-40255
<= 7.3.0
AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions prior to
6.1
MEDIUM
CVE-2023-5192
< 10.3.0
Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0.
6.5
MEDIUM
CVE-2023-25575
>= 2.6.0 and < 2.7.10
API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the `secu
7.7
HIGH
CVE-2022-29777
<= 6.1.0.26
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the compone
9.8
CRITICAL
CVE-2022-29776
<= 6.1.0.26
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the compon
9.8
CRITICAL
CVE-2021-38145
<= 3.0.20
An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged
9.8
CRITICAL
CVE-2021-38144
<= 3.0.20
An issue was discovered in Form Tools through 3.0.20. A low-privileged user can trigger Reflected XSS when a viewing a form via th
5.4
MEDIUM
CVE-2021-38143
<= 3.0.20
An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, it is possible for the cus
6.1
MEDIUM
CVE-2020-15235
<= 41edf92
In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hi
5.9
MEDIUM
CVE-2020-15507
<= 10.6
An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3,
7.5
HIGH
CVE-2020-15506
<= 10.6
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2,
9.8
CRITICAL
CVE-2020-15505
< 10.3.0.4
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2,
9.8
CRITICAL
CVE-2019-1000011
>= 2.2.0 and <= 2.3.5
API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can r
6.5
MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin