Lucene search
K

25850 matches found

CVE
CVE
added 4 hours ago4 views

CVE-2026-61970

Server-Side Request Forgery SSRF vulnerability in Themeisle Auto Featured Image Auto Post Thumbnail auto-post-thumbnail allows Server Side Request Forgery.This issue affects Auto Featured Image Auto Post Thumbnail: from n/a through = 5.0.4...

4.9CVSS6.1AI score
Exploits0References1
CVE
CVE
added 4 hours ago5 views

CVE-2026-59516

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Room 34 Creative Services, LLC ICS Calendar ics-calendar allows Reflected XSS.This issue affects ICS Calendar: from n/a through = 12.1.1...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 4 hours ago6 views

CVE-2026-57810

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.4...

8.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 4 hours ago10 views

CVE-2026-57772

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Inventory WP Inventory Manager wp-inventory-manager allows Blind SQL Injection.This issue affects WP Inventory Manager: from n/a through = 2.4.0...

8.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 4 hours ago12 views

CVE-2026-57797

Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through = 4.5.1...

4.3CVSS6.1AI score
Exploits0References1
CVE
CVE
added 4 hours ago6 views

CVE-2026-57734

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through = 5.4.3...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 4 hours ago4 views

CVE-2026-57424

Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through = 2.1.4...

6.5CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 8 hours ago13 views

LiquidFiles < 4.2 - User Enumeration via Password Reset

LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...

7.3CVSS6.1AI score0.00648EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago23 views

Four-Faith F3x36 - Authentication Bypass

Four-Faith F3x36 router with firmware v2.0.0 contains an authentication bypass caused by hard-coded credentials in the administrative web server, letting attackers with knowledge of credentials gain administrative access via crafted HTTP requests. id: CVE-2024-9643 info: name: Four-Faith F3x36 -...

9.8CVSS7AI score0.0293EPSS
Exploits0References2
Nuclei
Nuclei
added 8 hours ago77 views

ASUS DSL-AC88U - Authentication Bypass

A vulnerability in the ASUS DSL-AC88U router permits unauthorized individuals to bypass authentication.When adding "/js/..%2f%2f" or "/images/..%2f%2e" to the requested URL, it will be recognized as passing the authentication.This vulnerability is part of a broader authentication bypass issue...

9.8CVSS7.1AI score0.43456EPSS
Exploits0References3
Circl
Circl
added yesterday12 views

CVE-2026-56271

creationtimestamp| type| source ---|---|--- 2026-07-12 12:33:19+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqh6qvmwwo2y 2026-07-12 12:46:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqh7hpkdws2f 2026-07-12 12:54:26+00:00| seen|...

9.8CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-43233

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process,...

8.8CVSS6.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57557

Name of the Vulnerable Software and Affected Versions luci-app-samba4 affected versions not specified Description An issue in the read Access Control List ACL grants file.exec permission on /usr/sbin/smbd. This allows authenticated delegated users to execute the Samba daemon with command-line...

8.8CVSS6.3AI score
Exploits0References7
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43164

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS6.2AI score0.00676EPSS
Exploits0References6
Metasploit
Metasploit
added 3 days ago15 views

FTP Fetch, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an FTP server. Listen for a connection Module Options msf use payload/cmd/windows/ftp/x86/meterpreter/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 show options ...show and set options... ms...

6.2AI score
Exploits0
Metasploit
Metasploit
added 3 days ago16 views

FTP Fetch, Bind TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an FTP server. Listen for a connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...

6.2AI score
Exploits0
Metasploit
Metasploit
added 3 days ago16 views

FTP Fetch, Windows x64 IPv6 Bind TCP Stager with UUID Support

Fetch and execute an x64 payload from an FTP server. Listen for an IPv6 connection with UUID Support Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 3 days ago18 views

FTP Fetch, Windows x64 Bind Named Pipe Stager

Fetch and execute an x64 payload from an FTP server. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/peinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show options...

6.2AI score
Exploits0
Metasploit
Metasploit
added 3 days ago16 views

FTP Fetch

Fetch and execute an x64 payload from an FTP server. Module Options msf use payload/cmd/windows/ftp/x64/powershellreversetcpssl msf payloadpowershellreversetcpssl show actions ...actions... msf payloadpowershellreversetcpssl set ACTION msf payloadpowershellreversetcpssl show options ...show and s...

6.2AI score
Exploits0
Metasploit
Metasploit
added 3 days ago20 views

FTP Fetch

Fetch and execute an x64 payload from an FTP server. Module Options msf use payload/cmd/windows/ftp/x64/powershellbindtcp msf payloadpowershellbindtcp show actions ...actions... msf payloadpowershellbindtcp set ACTION msf payloadpowershellbindtcp show options ...show and set options... msf...

6.2AI score
Exploits0
Rows per page
Query Builder