3636 matches found
CVE-2026-11569
A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...
CVE-2026-11569
CVE-2026-11569 affects Quay: the filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG containing JavaScript. The file is stored and served inline via the CDN, enabling stored XSS when a victim visits the ...
CVE-2026-11569 Quay: quay: stored xss via filedrop svg upload
A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...
CVE-2026-11345
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...
CVE-2026-9471
A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php. Performing a manipulation of the argument FIRSTNAME results in cross site scripting. The attack can be initiated remotely...
CVE-2026-7398
A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfomcpplatform/app.py of the component Upload Endpoint. This manipulation of the argument Name causes path traversal. The...
CVE-2026-8941
The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...
CVE-2026-8037
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...
CVE-2026-8037
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System TDS and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. "The sites are...
Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass - XML-RPC setChannelTargeting
Vulnerability description not provided...
PT-2026-46231
Name of the Vulnerable Software and Affected Versions Progress Kemp LoadMaster versions prior to 7.2.63.1 Progress Kemp LoadMaster versions prior to 7.2.54.17 Progress ADC Products affected versions not specified Progress ECS Connection Manager affected versions not specified Progress Object Scal...
Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass
A vulnerability in the delivery-limitation logical validation was reported. The vulnerability allowed bypassing the fix for CVE-2026-34916 by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...
WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.9.4 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels versions = 4.9.4...
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Learn more Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The...
CVE-2026-44593
esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...
Exploit for Out-of-bounds Write in Redis
Docker Operations Create a Docker container docker comp...
Windows BITS Persistence Tool
This script implements a BITS-based persistence mechanism with an embedded HTTP server and remote payload delivery for Windows...
📄 Samba SMB Printer Queue Command Injection / Remote Task Delivery
This Python script is a structured exploitation framework targeting Samba print services exposed over SMB port 445. It focuses on printer-share interaction, payload delivery testing, and command execution workflows through manipulated print job submissions. It's written to target versions 4.22.10...
aks-poc-setup
AKS Production-Grade POC Setup A comprehensive, production-re...