50 matches found

Packet Storm
added 2026/05/20 12:00 a.m., 40 views

ZTE ZXHN H168N 3.6 Credential Leak / Admin Compromise

ZTE ZXHN H168N version 3.5 suffers from a password leak vulnerability that leads to full administrative compromise. Title: ZTE ZXHN H168N V3.5 - Unauthenticated Wizard Credential Leak to Full Admin Compromise. Date: 2026-05-20. Author: Mina Nageh Salalma Monx Research. CVE: CVE-2021-21735. Vendor: ZT...

CVSS 6.5, AI score 6.6, EPSS 0.00171
Exploits: 2
Cvelist
added 2026/05/11 6:39 p.m., 25 views

CVE-2026-42869 SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools

SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWTSECR...

CVSS 10, EPSS 0.00142
Exploits: 0, References: 3
CVE
added 2026/05/11 6:39 p.m., 7 views

CVE-2026-42869

SOCFortress CoPilot prior to version 0.1.57 ships a hardcoded JWT signing secret as a fallback in backend/app/auth/utils.py:28 and includes it in .env.example. If JWT_SECRET is not explicitly set (including default Docker Compose deployments), tokens are signed with this public value, allowing an...

CVSS 10, AI score 6, EPSS 0.00142
Exploits: 0, References: 3
Vulnrichment
added 2026/05/11 6:39 p.m., 5 views

CVE-2026-42869 SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools

SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWTSECR...

CVSS 10, AI score 6, EPSS 0.00142
Exploits: 0, References: 3
EUVD
added 2026/04/17 11:51 p.m., 1 view

EUVD-2026-23620

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint SelectDelete.php performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a...

CVSS 8.1, AI score 5.7, EPSS 0.00006
Exploits: 0, References: 3
NVD
added 2026/04/01 10:16 p.m., 2 views

CVE-2026-34571

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting (Stored XSS) vulnerability exists in the backend user management functionality. The application fail...

CVSS 9.9, EPSS 0.00061
Exploits: 1, References: 2
EUVD
added 2026/04/01 10:09 p.m., 1 view

EUVD-2026-18088

CI4MS: Stored Cross-Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise...

CVSS 9.9, AI score 5.8, EPSS 0.00061
Exploits: 1, References: 2
Github Security Blog
added 2026/04/01 10:09 p.m., 4 views

CI4MS: Stored Cross-Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise

Summary: A critical Stored Cross-Site Scripting (Stored XSS) vulnerability exists in the backend user management functionality. The application fails to properly sanitize user-controlled input before rendering it in the administrative interface, allowing attackers to inject persistent JavaScript cod...

CVSS 9.9, AI score 6.2, EPSS 0.00061
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2026/04/01 9:32 p.m., 2 views

CVE-2026-34571

CI4MS is a CodeIgniter 4-based CMS skeleton. Before version 0.31.0.0, a Stored XSS vulnerability exists in the backend user management functionality due to inadequate input sanitization when rendering in the admin interface. This enables persistent JavaScript execution, leading to potential sessi...

CVSS 9.9, AI score 6, EPSS 0.00061
Exploits: 1, References: 2, Affected Software: 1
ATTACKERKB
added 2026/04/01 9:32 p.m., 1 view

CVE-2026-34571

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting (Stored XSS) vulnerability exists in the backend user management functionality. The application fail...

CVSS 9.9, AI score 6, EPSS 0.00061
Exploits: 1, References: 3, Affected Software: 1
EUVD
added 2026/03/31 8:40 p.m., 2 views

EUVD-2026-17634

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without applying htmlspecialchars or any other output encoding. The jsonToFormElements function in admin/functions.php directly interpolates...

CVSS 6.1, AI score 6, EPSS 0.00015
Exploits: 1, References: 1
NVD
added 2026/03/24 7:16 p.m., 0 views

CVE-2026-23921

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

CVSS 8.7, EPSS 0.00045
Exploits: 0, References: 1
CVE
added 2026/03/24 6:28 p.m., 7 views

CVE-2026-23921

CVE-2026-23921 concerns a blind SQL injection in Zabbix's API layer. A low-privilege Zabbix user with API access can target include/classes/api/CApiService.php via the sortfield parameter to perform arbitrary SQL selects. While results are not returned directly, an attacker can exfiltrate data th...

CVSS 8.7, AI score 6.1, EPSS 0.00045
Exploits: 0, References: 1
Cvelist
added 2026/02/28 9:47 p.m., 18 views

CVE-2026-28561 wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

CVSS 5.5, EPSS 0.00044
Exploits: 0, References: 3
GithubExploit
added 2026/02/22 10:16 a.m., 138 views

Exploit for Protection Mechanism Failure in N8N

N8Scape: CVE-2025-68668 Breakdown. This is my personal writeup...

CVSS 9.9, AI score 6.9, EPSS 0.00035
Exploits: 4
Tenable Nessus
added 2026/01/30 12:00 a.m., 2 views

SmarterMail < 100.0.9511 Auth Bypass (CVE-2026-23760)

The version of SmarterTools SmarterMail installed on the remote host is prior to 100.0.9511. It is, therefore, affected by an authentication bypass vulnerability. SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The...

CVSS 9.8, AI score 8, EPSS 0.79939
Exploits: 3, References: 3
Positive Technologies
added 2025/12/02 12:00 a.m., 0 views

PT-2026-32971

Name of the Vulnerable Software and Affected Versions:
XWiki Platform versions 10.4-rc-1 through 16.10.15
XWiki Platform versions 17.0.0-rc-1 through 17.4.7
XWiki Platform versions 17.5.0-rc-1 through 17.10.0

Description: A reflected cross-site scripting (XSS) issue in the comparison view between pag...

CVSS 6.5, AI score 5.8, EPSS 0.00737
Exploits: 0, References: 9
Vulnrichment
added 2025/11/24 9:11 a.m., 2 views

CVE-2025-12739 Cross-Site Scripting (XSS) in Looker's Extension Loader leading to Admin Account Compromise

An attacker with viewer permissions in Looker could craft a malicious URL that, when opened by a Looker admin, would execute an attacker-supplied script. Exploitation required at least one Looker extension installed on the instance. Looker-hosted and Self-hosted were found to be vulnerable. This...

CVSS 7.3, AI score 6.6, EPSS 0.0005
Exploits: 0, References: 1
CVE
added 2025/11/01 4:27 a.m., 9 views

CVE-2025-5949

The Service Finder Bookings plugin for WordPress (

CVSS 8.8, AI score 6, EPSS 0.00063
Exploits: 0, References: 2
OSV
added 2025/10/30 6:15 p.m., 2 views

CVE-2025-56313

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...

CVSS 6.1, AI score 6.3, EPSS 0.00042
Exploits: 0, References: 2