CVE-2026-8606 Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

CVE-2026-8606

A Server-Side Request Forgery (SSRF) in GitHub Enterprise Server was exposed via the security advisories package lookup endpoint, allowing an attacker to issue HTTP requests to internal services. By directing requests to an internal management service and measuring response timing, an attacker co...

VulnCheck KEV: CVE-2025-48281

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection.This issue affects MyStyle Custom Product Designer: from n/a through = 3.21.1...

CVE-2026-28038

Missing Authorization vulnerability in BrainstormForce Ultimate Addons for WPBakery Page Builder ultimatevcaddons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through = 3.21.1...

EUVD-2026-9700

Missing Authorization vulnerability in BrainstormForce Ultimate Addons for WPBakery Page Builder ultimatevcaddons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through = 3.21.1...

CVE-2026-28038 WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.21.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in BrainstormForce Ultimate Addons for WPBakery Page Builder ultimatevcaddons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through = 3.21.1...

CVE-2026-28038

CVE-2026-28038 : WordPress plugin Ultimate Addons for WPBakery Page Builder (versions

WordPress plugin Ultimate Addons for WPBakery Page Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

PT-2026-23320

Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder ultimate vc addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through = 3.21.1...

WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.21.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.21.1...

CVE-2026-26068

emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata Transport, Hostname is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

CVE-2026-26068

emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata Transport, Hostname is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code...

CVE-2026-26068 emp3r0r Agent-Controlled Metadata to Operator RCE (tmux Command Injection)

emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata Transport, Hostname is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code...

CVE-2026-26068 emp3r0r Agent-Controlled Metadata to Operator RCE (tmux Command Injection)

emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata Transport, Hostname is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code...

CVE-2026-26068

CVE-2026-26068 concerns emp3r0r, a Linux-focused C2. Before 3.21.1, untrusted agent metadata (Transport, Hostname) accepted during check-in and interpolated into tmux shell commands executed via /bin/sh -c, enabling command injection and remote code execution on the operator host. The issue is fi...

emp3r0r 操作系统命令注入漏洞

emp3r0r is a Linux framework tool developed by Jimmy Mi. Versions of emp3r0r prior to 3.21.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the acceptance of untrusted proxy metadata during the check-in process, which was then inserted int...

PT-2026-7913

Name of the Vulnerable Software and Affected Versions emp3r0r versions prior to 3.21.1 Description emp3r0r is a command and control C2 tool designed for Linux environments. Versions prior to 3.21.1 accept untrusted agent metadata, specifically Transport and Hostname, during the check-in process...

CVE-2025-48088

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BrainstormForce Ultimate Addons for WPBakery Page Builder ultimatevcaddons allows Stored XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through 3.21.1...