CVE-2026-1302
CVE-2026-1302 — Meta-box GalleryMeta (WordPress) is a stored cross-site scripting (XSS) vulnerability affecting versions up to 3.0.1 via admin/settings input, exploitable by authenticated users with Editor+ privileges. Impact is limited to multisite installs and sites where unfiltered_html is dis...
CVE-2026-0687 Meta-box GalleryMeta <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management
The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mbgallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and abov...
CVE-2026-24571
Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BOX NOW Delivery: from n/a through <= 3.0.2...
CVE-2026-24571 WordPress BOX NOW Delivery plugin <= 3.0.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BOX NOW Delivery: from n/a through <= 3.0.2...
CVE-2026-24571
CVE-2026-24571 is a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin BOX NOW Delivery. Affected versions are listed as up to and including 3.0.2; the issue stems from incorrectly configured access control/security levels, potentially allowing unauthorized acce...
PT-2026-4413
Name of the Vulnerable Software and Affected Versions: boxnow BOX NOW Delivery versions n/a through 3.0.2. Description: An authorization issue exists in boxnow BOX NOW Delivery. The issue involves incorrectly configured access control security levels, potentially allowing unauthorized access...
WordPress plugin BOX NOW Delivery has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
Logwatch 7.14
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems...
WordPress BOX NOW Delivery plugin <= 3.0.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin BOX NOW Delivery versions <= 3.0.2...
PINA: Prompt Injection Attack against Navigation Agents
Navigation agents powered by large language models (LLMs) convert natural language instructions into executable plans and actions. Compared to text-based applications, their security is far more critical: a successful prompt injection attack does not just alter outputs but can directly misguide...
Pentesting-Portfolio
🔐 Pentesting Portfolio Personal collection of writeups detail...
TrojanPraise: Jailbreak LLMs Via Benign Fine-Tuning
The demand of customized large language models (LLMs) has led to commercial LLMs offering black-box fine-tuning APIs, yet this convenience introduces a critical security loophole: attackers could jailbreak the LLMs by fine-tuning them with malicious data. Though this security issue has recently bee...
CVE-2021-47818 DupTerminator 1.4.5639.37199 - Denial of Service
DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows ...
CVE-2021-47818
CVE-2021-47818 affects DupTerminator 1.4.5639.37199. The issue is a denial-of-service where inputting a long string into the Excluded text box can crash the application on Windows 10; a payload of 8000 repeated characters is cited as triggering the stop. The vulnerable component is the text-input...
CVE-2021-47818
DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows ...
PT-2026-3275
DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows ...
DupTerminator security vulnerability
DupTerminator is a file cleanup tool developed by Dmitry Borisov. Version 1.4.5639.37199 of DupTerminator contains a security vulnerability, which stems from a buffer overflow in the Excluded text box, potentially leading to a denial-of-service attack...