31 matches found
700+ education and tech websites hijacked in huge ClickFix malware campaign
Attackers are abusing a critical Ghost Content Management System (CMS) vulnerability to hijack more than 700 legitimate websites and inject a fake Cloudflare verification step that tricks visitors into running a Windows command that installs malware. These social engineering campaigns—where website...
Ghost CMS 6.19.0 - SQLi
Exploit Title: Ghost CMS 6.19.0 - SQLi Date: 2026-03-30 Exploit Author: Maksim Rogov Exploit Licence: GPL-3.0 Software Link: https://ghost.org/ Version: Ghost >= 3.24.0, <= 6.19.0 Tested on: Ghost 6.16.1 CVE : CVE-2026-26980 #!/usr/bin/env python3 import requests import re import sys...
Ghost CMS 6.19.0 SQL Injection
Ghost CMS versions 3.24.0 through 6.19.0 suffer from a remote SQL injection vulnerability via the content API. Exploit Title: Ghost CMS Unauthenticated SQLi via Content API Date: 2026-03-30 Exploit Author: Maksim Rogov Exploit Licence: GPL-3.0 Software Link: https://ghost.org/ Version: Ghost =...
CVE-2026-26980
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-20 02:18:11+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfb266mz4n2f |
| 2026-02-20 02:18:20+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfb26hfbr72n |
| 2026-02-20 02:18:46+00:00 | seen | ... |
CVE-2023-26980
PAX Technology PAX A920 Pro PayDroid 8.1 suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. NOTE: the vendor disputes this because the attack is not feasible: the home launcher wil...
CVE-2022-26980
Teampass 2.1.26 allows reflected XSS via the index.php PATHINFO...
Linux Distros Unpatched Vulnerability : CVE-2024-26980
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf If ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size validation could be skipped. if request size is...
CVE-2025-26980
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Stored XSS. This issue affects Wired Impact Volunteer Management: from n/a through <= 2.5...
CVE-2025-26980
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-25 14:24:03+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/5276 |
| 2025-02-25 17:22:53+00:00 | seen | https://t.me/cvedetector/18877... |
CVE-2025-26980 WordPress Wired Impact Volunteer Management plugin <= 2.5 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Stored XSS. This issue affects Wired Impact Volunteer Management: from n/a through <= 2.5...
CVE-2025-26980
CVE-2025-26980 is a stored XSS vulnerability in Wired Impact Volunteer Management. The vulnerability affects the WordPress plugin in versions up to 2.5 and is described as an Authenticated (Contributor+) Stored Cross-Site Scripting issue. The CVE entry provides a CVSS 3.1 base score of 6.5 (Mediu...
USN-6950-4: Linux kernel (HWE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - Block layer subsystem; - Bluetooth drivers; - Clock framework and...
Ubuntu 20.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6950-4)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6950-4 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...
USN-6957-1: Linux kernel (Oracle) vulnerabilities
Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to...
Ubuntu 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-6957-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6957-1 advisory. Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and...
Ubuntu: Security Advisory (USN-6950-2)
The remote host is missing an update for the...
USN-6918-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker...
CVE-2024-26980
| creationtimestamp | type | source |
|---|---|---|
| 2024-05-14 03:25:11+00:00 | published-proof-of-concept | Telegram/tc61QPI8tgGKWkSxwbM6Zcd2IBbROw0loAMHb4E0RXEMtQ... |
Debian: Security Advisory (DSA-5680-1)
The remote host is missing an update for the Debian...
CVE-2024-26980
A flaw was found in the Linux kernel's ksmbd module. Improper size validation can trigger an out-of-bounds read, resulting in a denial of service...