
117 matches found

Wordfence Blog
added 2026/06/03 4:59 p.m., 10 views

Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin

On March 30th, 2026, we publicly disclosed a critical Remote Code Execution vulnerability in Everest Forms Pro, a WordPress plugin with an estimated 4,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to execute arbitrary PHP code on the server, leading to...

CVSS 9.8, AI score 6.7, EPSS 0.40992
Exploits: 1
Circl
added 2026/03/31 2:21 a.m., 4 views

CVE-2026-3300

creationtimestamp | type | source
---|---|---
2026-03-31 02:21:10+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mid4jgk2ha2p
2026-03-31 02:21:26+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mid4jw62js2r
2026-03-31 03:00:30+00:00 | seen | ...

CVSS 9.8, AI score 6, EPSS 0.40992
Exploits: 1, References: 38
CVE
added 2026/03/03 9:21 p.m., 11 views

CVE-2026-1775

The CVE-2026-1775 entry concerns Labkotec LID-3300IP ice detector software with a missing authentication for a critical function. An unauthenticated attacker can alter device parameters and execute operational commands by sending specially crafted packets to the device. According to the provided ...

CVSS 8.8, AI score 6, EPSS 0.00758
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2014-7148

Malware in sbrugna...

CVSS 4.3, AI score 6.1, EPSS 0.01201
Exploits: 3, References: 7
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2004-0942

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.01373
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2004-0943

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.01574
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2014-7149

Malware in sbrugna...

CVSS 5, AI score 6.1, EPSS 0.02476
Exploits: 3, References: 6
Tenable Nessus
added 2025/09/10 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-3300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users...

CVSS 5.3, AI score 5.6, EPSS 0.0047
Exploits: 0, References: 2
RedhatCVE
added 2025/05/23 3:51 a.m., 4 views

CVE-2023-3300

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...

CVSS 5.3, AI score 6.8, EPSS 0.0047
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 10:59 p.m., 13 views

CVE-2022-3300

The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...

CVSS 7.2, AI score 7.3, EPSS 0.01015
Exploits: 2, References: 1
RedhatCVE
added 2025/05/22 1:23 p.m., 11 views

CVE-2018-3300

Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications component: Internal Operations. The supported version that is affected is 7.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Xstore...

CVSS 5.5, AI score 5.6, EPSS 0.00799
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 11:27 a.m., 5 views

CVE-2013-3300

The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a less than character...

CVSS 4, AI score 6, EPSS 0.01477
Exploits: 1, References: 1
Circl
added 2025/05/09 7:26 p.m., 3 views

CVE-2022-3300

creationtimestamp | type | source
---|---|---
2025-05-09 19:26:27+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/15831
...

CVSS 7.2, AI score 7, EPSS 0.01015
Exploits: 2, References: 1
Circl
added 2025/04/24 9:12 a.m., 18 views

CVE-2025-3300

creationtimestamp | type | source
---|---|---
2025-04-24 09:12:13+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13201
2025-04-24 13:03:42+00:00 | seen | https://t.me/cvedetector/23658
2025-04-24 14:19:25+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnkvntgnrw2d
2026-04-08...

CVSS 7.2, AI score 7.8, EPSS 0.0086
Exploits: 0, References: 3
Cvelist
added 2025/04/24 8:23 a.m., 35 views

CVE-2025-3300 WPMasterToolKit (WPMTK) – All in one plugin <= 2.5.2 - Authenticated (Administrator+) to Arbitrary File Read and Write

The WPMasterToolKit WPMTK – All in one plugin plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to read and modify the contents of arbitrary files on...

CVSS 7.2, EPSS 0.0086
Exploits: 0, References: 3
CVE
added 2025/04/24 8:23 a.m., 69 views

CVE-2025-3300

CVE-2025-3300 affects the WordPress plugin WPMasterToolKit (WPMTK) up to version 2.5.2. A directory traversal flaw allows an authenticated attacker with Administrator-level access to read and modify arbitrary server files, exposing sensitive information. Mitigation/Remediation: upgrade to a versi...

CVSS 7.2, AI score 6.7, EPSS 0.0086
Exploits: 0, References: 3
Patchstack
added 2025/04/23 9:3 p.m., 3 views

WordPress WPMasterToolKit (WPMTK) – All in one plugin plugin <= 2.5.2 - Authenticated (Administrator+) to Arbitrary File Read and Write vulnerability

Authenticated Administrator+ to Arbitrary File Read and Write vulnerability discovered by nquangit in WordPress Plugin WPMasterToolKit versions <= 2.5.2...

CVSS 7.2, AI score 8.3, EPSS 0.0086
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2025/02/05 10:4 a.m., 6 views

CVE-2024-3300

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...

CVSS 9, AI score 7.5, EPSS 0.02761
Exploits: 0, References: 1
Cvelist
added 2024/05/30 3:19 p.m., 67 views

CVE-2024-3300 Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...

CVSS 9, AI score 9.4, EPSS 0.02761
Exploits: 0, References: 1
Vulnrichment
added 2024/05/30 3:19 p.m., 15 views

CVE-2024-3300 Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution...

CVSS 9, AI score 7.8, EPSS 0.02761
Exploits: 0, References: 1