30181 matches found
CVE-2025-71353
creationtimestamp| type| source ---|---|--- 2026-07-04 04:38:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpsahzpup32z 2026-07-04 16:00:46+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mptgmha4ar2u...
modoboa 2.0.4 - Admin TakeOver
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...
WPMobile.App <= 11.56 - Open Redirect
The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially...
Vite dev server - Cross-Site Scripting
Vite's dev server, when used with appType: 'custom' and manually invoking server.transformIndexHtml using the unmodified request URL, is vulnerable to XSS via a crafted URL payload. If the HTML being served includes an inline module script ..., an attacker can inject a script via the URL,...
Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to and including 1.7.1 via the templateredirect function. The plugin registers 'hippooserve' as a WordPress query variable and uses it to serve PWA files from the pwa/ directory. In...
Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover
Hippoo Mobile App for WooCommerce WordPress plugin = 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...
WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass
Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users. id: CVE-2024-50477 info: name: WordPress Stacks Mobile App Builder =5.2.3 - Authentication Bypass...
OX Appsuite - Cross-Site Scripting
OX App Suite through 7.10.4 allows XSS via the app loading mechanism the PATHINFO to the /appsuite URI. id: CVE-2020-24701 info: name: OX Appsuite - Cross-Site Scripting author: DhiyaneshDk severity: medium description: | OX App Suite through 7.10.4 allows XSS via the app loading mechanism the...
Wordpress WPMobile.App >= 11.42 - Cross-Site Scripting
WPMobile.App versions up to 11.41 contain a reflected cross-site scripting XSS caused by improper input neutralization during web page generation, letting attackers execute scripts in the victim's browser, exploit requires attacker to craft malicious input. id: CVE-2024-35694 info: name: Wordpres...
CVE-2026-56015
creationtimestamp| type| source ---|---|--- 2026-07-03 14:26:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpqquiykdy2k 2026-07-03 14:57:07+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mpqslp3c2k24 2026-07-04 04:13:10+00:00| seen|...
Apache Tomcat Examples Web Application - Cross-Site Scripting
Apache Tomcat 8.5.50 to 8.5.81, 9.0.30 to 9.0.64, 10.0.0-M1 to 10.0.22, and 10.1.0-M1 to 10.1.0-M16 contain a reflected cross-site scripting caused by displaying unfiltered user data in the Form authentication example, letting attackers execute scripts in victim browsers, exploit requires attacke...
Adlisting Classified Ads 2.14.0 - Information Disclosure
Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects. id: CVE-2023-4168 info: name: Adlisting Classified Ads 2.14.0 - Information Disclosure autho...
CVE-2026-8351
creationtimestamp| type| source ---|---|--- 2026-07-03 10:03:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpqc7hkl742w 2026-07-03 20:16:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mpreg665oi2z 2026-07-03 22:35:03+00:00| seen|...
CVE-2026-14352
creationtimestamp| type| source ---|---|--- 2026-07-03 06:27:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mppw4orvsr2t 2026-07-03 15:16:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mpqtnpaiqq2v 2026-07-03 20:50:20+00:00| seen|...
CVE-2022-4989
creationtimestamp| type| source ---|---|--- 2026-07-03 06:08:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mppuzyti5h22 2026-07-03 19:37:43+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mprcbj4ze42w...
CVE-2026-10134
creationtimestamp| type| source ---|---|--- 2026-07-03 02:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mppjaj2iin2r 2026-07-04 02:15:17+00:00| seen| https://bsky.app/profile/securityonline.bsky.social/post/3mpryifbgxm2k...
EUVD-2026-41482
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...
CVE-2026-12960
CVE-2026-12960 affects the ASUS Router Android app. The issue is an Improper Export of Android Application Components, where a local third-party app on the same device can send a crafted Intent that causes the ASUS Router App to open a specified URL. CVSS metrics indicate local access, low comple...
CVE-2026-12960
An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...
CVE-2026-45499
creationtimestamp| type| source ---|---|--- 2026-07-02 23:29:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpp6quxoyk23 2026-07-03 17:58:38+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpr4qdd4pd2m 2026-07-03 22:00:04+00:00| seen|...