136180 matches found
wp2shell_stock_chain
wp2shell stock-core chain Authorized-testing proof of concept...
Exploit for CVE-2026-63030
wp2shellscanner !smokehttps://github.com/zi3lak/wp2shell...
wp2shell
wp2shell WordPress REST batch route-confusion blind SQL injec...
Imperva Customers Protected Against “wp2shell” Pre-Authentication RCE in WordPress Core
TL;DR : A critical pre-authentication Remote Code Execution RCE vulnerability, dubbed "wp2shell" CVE-2026-63030, has been identified in WordPress Core. This vulnerability allows an unauthenticated attacker to execute arbitrary code on a vulnerable WordPress installation without any preconditions,...
Exploit for CVE-2026-60137
wp2shell Pre-authentication Remote Code Execution against Wor...
Exploit for CVE-2026-63030
wp2r00t - WordPress REST Batch Route-Confusion SQLi PoC A sel...
CVE-2026-16123
A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...
CVE-2026-16123
A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...
CVE-2026-16123
The vulnerability CVE-2026-16123 affects nextlevelbuilder GoClaw up to version 3.13.2. It resides in ToolsInvokeHandler.ServeHTTP (internal/http/tools_invoke.go, Invoke Endpoint) and is caused by a manipulation that leads to missing authorization. This allows remote exploitation, with a public ex...
CVE-2026-16123 nextlevelbuilder GoClaw Invoke Endpoint tools_invoke.go ToolsInvokeHandler.ServeHTTP authorization
A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...
EUVD-2026-45384
A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...
CVE-2026-9323
The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...
CVE-2026-16119
A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/execapproval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...
CVE-2026-11826
OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...
CVE-2025-71391
SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...
Exploit for CVE-2026-60137
CVE-2026-63030 + CVE-2026-60137 - “wp2shell”: unauthenticated...
Exploit for CVE-2026-63030
wp2shell CVE-2026-63030 / CVE-2026-60137 PoC for an unaut...
CVE-2026-9323
The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...
CVE-2026-9323
The CVE-2026-9323 issue affects the urwid web display backend (urwid/display/web.py), where web session IDs (urwid_id) are created by concatenating two random.randrange(10**9) calls that rely on Python’s Mersenne Twister PRNG. This is not cryptographically secure. An observer collecting ~334 sess...
CVE-2026-9323 Insecure PRNG and Information Exposure in urwid Web Display Backend
The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...