257 matches found
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Strapi
CVE-2026-27886 Automated Exploit - Usage Guide What This S...
CVE-2026-7802
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
PT-2026-47033
Name of the Vulnerable Software and Affected Versions WP Captcha PRO versions prior to 5.39 Description An authentication bypass exists due to the ajax run tool AJAX handler relying only on a nonce check via check ajax referer without performing capability checks. This is combined with the create...
GHSA-8V9P-G828-V98F Shopware: Admin Account Takeover via User Recovery Hash Exposure
Summary A low-privilege admin user with userrecovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...
Shopware: Admin Account Takeover via User Recovery Hash Exposure
Summary A low-privilege admin user with userrecovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...
PT-2026-46852
Summary A low-privilege admin user with user recovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...
EUVD-2026-33455
The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...
PT-2026-45088
Name of the Vulnerable Software and Affected Versions Simple History versions prior to 5.26.1 Description The Simple History plugin for WordPress allows authenticated users with Subscriber-level permissions or higher to take over accounts. The issue exists in the event reaction endpoints...
CVE-2026-45627 Arcane: Unauthenticated reflected XSS via SVG color parameter in /api/app-images/logo enables admin account takeover
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via strings.ReplaceAll with no escaping. The substitution...
CVE-2026-10056
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...
CVE-2026-7802 Frontend Admin by DynamiApps <= 3.29.2 - Missing Authorization to Authenticated (Subscriber+) Account Takeover via 'user_id' URL Query Parameter
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
PT-2026-44179
Name of the Vulnerable Software and Affected Versions Frontend Admin by DynamiApps versions prior to 3.29.3 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Authenticated attackers with subscriber-level...
CVE-2026-8787
The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...
Exploit for CVE-2026-8181
CVE-2026-8181 — Burst Statistics 3.4.0 – 3.4.1.1 — Authenticat...
Arcane Backend: Unauthenticated reflected XSS via SVG color parameter enables admin account takeover
Summary The unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via strings.ReplaceAll with no escaping. The substitution lands inside a element of the embedded logo.svg, allowing an attacker to close the style block an...
GHSA-Q2PJ-8V84-9MH5 Arcane Backend: Unauthenticated reflected XSS via SVG color parameter enables admin account takeover
Summary The unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via strings.ReplaceAll with no escaping. The substitution lands inside a element of the embedded logo.svg, allowing an attacker to close the style block an...
Exploit for CVE-2026-8181
CVE-2026-8181 — Burst Statistics Authentication Bypass to Admi...
WordPress Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin 3.4.0-3.4.1.1 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover vulnerability
Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin 3.4.0-3.4.1.1 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover vulnerability discovered by ? in WordPress Plugin Burst Statistics versions 3.4.0-3.4.1.1...
Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic
Summary A business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that already exists, the system updates the existing account'...
CVE-2026-42221
Nginx UI is a web user interface for the Nginx web server. From version 2.0.0 to before version 2.3.8, an unauthenticated network attacker can claim the initial administrator account on a fresh nginx-ui instance during the first-run setup window. The public /api/install endpoint is reachable...