Lucene search
+L

136180 matches found

GithubExploit
GithubExploit
added 44 minutes ago0 views

wp2shell_stock_chain

wp2shell stock-core chain Authorized-testing proof of concept...

Exploits0
GithubExploit
GithubExploit
added 2 hours ago7 views

Exploit for CVE-2026-63030

wp2shellscanner !smokehttps://github.com/zi3lak/wp2shell...

9.8CVSS6.7AI score
Exploits22
GithubExploit
GithubExploit
added 2 hours ago9 views

wp2shell

wp2shell WordPress REST batch route-confusion blind SQL injec...

9.8CVSS5.9AI score
Exploits22
Imperva Blog
Imperva Blog
added 3 hours ago6 views

Imperva Customers Protected Against “wp2shell” Pre-Authentication RCE in WordPress Core

TL;DR : A critical pre-authentication Remote Code Execution RCE vulnerability, dubbed "wp2shell" CVE-2026-63030, has been identified in WordPress Core. This vulnerability allows an unauthenticated attacker to execute arbitrary code on a vulnerable WordPress installation without any preconditions,...

9.8CVSS6.8AI score
Exploits22
GithubExploit
GithubExploit
added 3 hours ago11 views

Exploit for CVE-2026-60137

wp2shell Pre-authentication Remote Code Execution against Wor...

9.8CVSS5.8AI score
Exploits22
GithubExploit
GithubExploit
added 4 hours ago5 views

Exploit for CVE-2026-63030

wp2r00t - WordPress REST Batch Route-Confusion SQLi PoC A sel...

9.8CVSS6.4AI score
Exploits22
NVD
NVD
added 4 hours ago7 views

CVE-2026-16123

A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...

6.5CVSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 5 hours ago2 views

CVE-2026-16123

A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...

6.5CVSS6.2AI score
Exploits0References7Affected Software1
CVE
CVE
added 5 hours ago8 views

CVE-2026-16123

The vulnerability CVE-2026-16123 affects nextlevelbuilder GoClaw up to version 3.13.2. It resides in ToolsInvokeHandler.ServeHTTP (internal/http/tools_invoke.go, Invoke Endpoint) and is caused by a manipulation that leads to missing authorization. This allows remote exploitation, with a public ex...

6.5CVSS6.3AI score
Exploits0References7
Cvelist
Cvelist
added 5 hours ago10 views

CVE-2026-16123 nextlevelbuilder GoClaw Invoke Endpoint tools_invoke.go ToolsInvokeHandler.ServeHTTP authorization

A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...

6.5CVSS
Exploits0References7
EUVD
EUVD
added 5 hours ago5 views

EUVD-2026-45384

A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/toolsinvoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated...

6.5CVSS6.3AI score
Exploits0References7
NVD
NVD
added 5 hours ago7 views

CVE-2026-9323

The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...

9.2CVSS
Exploits0References6
NVD
NVD
added 5 hours ago5 views

CVE-2026-16119

A vulnerability was found in nextlevelbuilder GoClaw up to 3.13.2. This affects the function RequestApproval of the file internal/tools/execapproval.go of the component WebSocket Approval Endpoint. Performing a manipulation results in incorrect authorization. The attack is possible to be carried...

6.5CVSS
Exploits0References7
NVD
NVD
added 5 hours ago6 views

CVE-2026-11826

OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...

8.8CVSS
Exploits0References4
NVD
NVD
added 5 hours ago4 views

CVE-2025-71391

SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instan...

7.1CVSS
Exploits0References2
GithubExploit
GithubExploit
added 6 hours ago15 views

Exploit for CVE-2026-60137

CVE-2026-63030 + CVE-2026-60137 - “wp2shell”: unauthenticated...

9.8CVSS6.9AI score
Exploits22
GithubExploit
GithubExploit
added 6 hours ago16 views

Exploit for CVE-2026-63030

wp2shell CVE-2026-63030 / CVE-2026-60137 PoC for an unaut...

9.8CVSS6.2AI score
Exploits22
ATTACKERKB
ATTACKERKB
added 6 hours ago4 views

CVE-2026-9323

The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...

9.2CVSS6AI score
Exploits0References7
CVE
CVE
added 6 hours ago7 views

CVE-2026-9323

The CVE-2026-9323 issue affects the urwid web display backend (urwid/display/web.py), where web session IDs (urwid_id) are created by concatenating two random.randrange(10**9) calls that rely on Python’s Mersenne Twister PRNG. This is not cryptographically secure. An observer collecting ~334 sess...

9.2CVSS6AI score
Exploits0References6
Cvelist
Cvelist
added 6 hours ago8 views

CVE-2026-9323 Insecure PRNG and Information Exposure in urwid Web Display Backend

The urwid web display backend urwid/display/web.py generates web session identifiers urwidid in Screen.start by concatenating two random.randrange109 calls that use Python's Mersenne Twister PRNG, which is not cryptographically secure. Each call consumes approximately 30 bits of PRNG state, and t...

9.2CVSS
Exploits0References6
Rows per page
Query Builder