18172 matches found
CVE-2026-13252
creationtimestamp| type| source ---|---|--- 2026-07-02 12:15:08+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mpnz363ygk2i 2026-07-02 22:17:33+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpp2qeyxaa2b...
CVE-2026-20243
creationtimestamp| type| source ---|---|--- 2026-07-02 09:45:20+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1941 2026-07-02 13:50:32+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mpo6fqhjmd2f 2026-07-02 13:55:08+00:00| seen|...
Schools Alert Management Script - Arbitrary File Read
Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. id: CVE-2018-12054 info: name: Schools Alert Management Script - Arbitrary File Read author: wisnupramoedya severity: high description: Schools Alert...
WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting
The Easy Forms for Mailchimp plugin before version 6.8.9 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the sqlerror parameter before outputting it back in the page when the debug option is enabled, which could allow attackers to execute...
Jenkins build-metrics 1.3 - Cross-Site Scripting
Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...
WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting
WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin into clicking a link to run...
WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection
WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute...
ZEROF Web Server 2.0 - Cross-Site Scripting
ZEROF Web Server 2.0 allows /admin.back cross-site scripting. id: CVE-2022-25323 info: name: ZEROF Web Server 2.0 - Cross-Site Scripting author: pikpikcu severity: medium description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting. impact: | Successful exploitation of this...
DomainMOD 4.13.0 - Cross-Site Scripting
DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...
Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects
The following analysis presents the key findings from Kaspersky Compromise Assessment engagements performed in 2025. A compromise assessment is an independent, expert-driven service that examines whether a target network has been compromised. The service combines threat intelligence analysis...
CVE-2026-8857
creationtimestamp| type| source ---|---|--- 2026-07-01 15:57:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mplv2ozox62e 2026-07-02 02:52:01+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmzm7zulw2q 2026-07-02 07:01:22+00:00| seen|...
CVE-2026-46227
creationtimestamp| type| source ---|---|--- 2026-07-01 15:21:17+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mplsz4acbv2o 2026-07-02 07:15:17+00:00| seen| https://www.hkcert.org/security-bulletin/redhat-linux-kernel-multiple-vulnerabilities20260702...
GHSA-54JR-PMX4-5PVR vulnerabilities
Vulnerabilities for packages: firefox-esr, firefox...
CVE-2026-12577
creationtimestamp| type| source ---|---|--- 2026-07-01 09:12:37+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpl6fvmdgh2o 2026-07-01 09:36:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpl7pxbybt2d 2026-07-01 15:26:19+00:00| seen|...
EUVD-2026-40922
The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...
CVE-2026-11387 SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset
The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...
CVE-2026-48276
creationtimestamp| type| source ---|---|--- 2026-07-01 02:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpkgmzkfc726 2026-07-01 09:45:03+00:00| seen| https://www.cert.dk/news/2026-07-01/Kritiske-ColdFusion-saarbarheder-aabner-for-fuld-serverovertagelse 2026-07-01 12:00:35+00:00|...
CVE-2026-10648
creationtimestamp| type| source ---|---|--- 2026-06-29 23:58:14+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphoxnxguj2q 2026-06-30 01:55:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mphvjll4t22o...
CVE-2026-57956
creationtimestamp| type| source ---|---|--- 2026-06-29 19:13:18+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mph725ba3a2w 2026-06-29 19:13:18+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mph725cpjm2n 2026-06-29 21:54:04+00:00| seen|...
CVE-2026-57955
SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...