
9 matches found

Exploit DB
added 2026/05/07 12:0 a.m. | 55 views

NocoBase 2.0.27 - VM Sandbox Escape

Exploit Title: NocoBase 2.0.27 - VM Sandbox Escape Date: 2026-03-26 Exploit Author: Onurcan Genç Vendor Homepage: https://www.nocobase.com/ Software Link: https://github.com/nocobase/nocobase Version: -u -P --cmd "id"...

CVSS 9.9 | AI score 6 | EPSS 0.07593
Exploits: 7
GithubExploit
added 2026/04/30 3:49 a.m. | 55 views

wendor_labs_exploitation

Wendor Vending Machine Exploitation & Security Research Lab T...

AI score 6.2
Exploits: 0
Cvelist
added 2026/02/28 6:27 a.m. | 23 views

CVE-2026-2471 WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field

The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. This is due to the BaseModel class constructor calling maybe_unserialize on all properties retrieved...

CVSS 7.5 | EPSS 0.00384
Exploits: 0 | References: 5
GithubExploit
added 2026/01/05 6:10 p.m. | 127 views

SecLeak

SecLeak Assessment This repository contains the s...

AI score 6.5
Exploits: 0
CVE
added 2025/11/26 12:30 p.m. | 28 views

CVE-2025-9191

CVE-2025-9191 — Houzez WordPress Theme PHP Object Injection. The Houzez theme (WordPress) is vulnerable to PHP Object Injection via deserialization in saved-search-item.php for all versions up to 4.1.6. Exploitation requires authenticated access at Subscriber level or higher; a POP chain is not ...

CVSS 6.3 | AI score 6.6 | EPSS 0.00216
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/06 3:11 a.m. | 5 views

CVE-2025-8871

The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mime_content_type function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...

CVSS 5.6 | AI score 7.2 | EPSS 0.00239
Exploits: 0 | References: 1
Positive Technologies
added 2024/07/05 12:0 a.m. | 4 views

PT-2024-39061

Name of the Vulnerable Software and Affected Versions: VICIdial affected versions not specified Description: The issue allows an attacker with authenticated access as an "agent" to execute arbitrary shell commands as the "root" user. This can potentially be chained with other exploits to achieve...

CVSS 10 | AI score 9.6 | EPSS 0.75384
Exploits: 7 | References: 39
The Hacker News
added 2023/12/08 9:23 a.m. | 47 views

WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability

WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable sites. "A remote code execution vulnerability that is not directly exploitable in core; however, the...

AI score 8.7
Exploits: 0
ATTACKERKB
added 2021/06/08 12:0 a.m. | 68 views

CVE-2021-31201

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Recent assessments: architect00 at June 09, 2021 6:55am UTC reported: This vulnerability is abused in an exploitation chain. According to the Microsoft advisory it is abused with Adobe Acrobat CVE-2021-28550. gwillcox-...

CVSS 9.6 | AI score 7.1 | EPSS 0.52005
In wild | Exploits: 0 | References: 2