Lucene search
58811 matches found

Snyk
added 2026/02/01 6:37 a.m., 1 view

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the scanner.py deserialization scanning logic. An attacker can achieve remote code execution by crafting ...

8.6 CVSS, 6.7 AI score
Exploits 0, References 3
Packet Storm
added 2026/01/30 12:0 a.m., 145 views

📄 Next.js 13.5.9 Middleware Bypass Scanner

This is an authorization bypass scanner for Next.js versions 13.5.9 and below. A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests...

9.1 CVSS, 7.3 AI score, 0.92118 EPSS
Exploits 55
Wordfence Blog
added 2026/01/29 5:5 p.m., 17 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 19, 2026 to January 25, 2026)

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

9.9 CVSS, 6.5 AI score, 0.00976 EPSS
Exploits 13
Tenable Nessus
added 2026/01/29 12:0 a.m., 3 views

RHEL 9 : gimp (RHSA-2026:1587)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1587 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox,...

7.8 CVSS, 6.2 AI score, 0.001 EPSS
Exploits 1, References 6
Packet Storm News
added 2026/01/29 12:0 a.m., 2 views

InvisibleJS Detection and Analysis Scanner

InvisibleJS is an obfuscation technique that hides JavaScript source code using zero‑width Unicode characters, making files appear empty while still executing at runtime via eval or dynamic import with data: URIs. Although visually deceptive, this method provides no real cryptographic protection...

5.9 AI score
Exploits 0
Snyk
added 2026/01/28 4:33 p.m., 2 views

Malicious Package

Overview gcp-scanner-visualizer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8 CVSS, 5.9 AI score
Exploits 0, References 2
Packet Storm News
added 2026/01/27 12:0 a.m., 2 views

Burp Suite 2025.12.4 Extension Advanced ReDoS Detector

This Burp Suite Java extension integrates an advanced timing-based ReDoS detection engine into Burp's Active Scanner. It automatically tests HTTP parameters using crafted payloads to identify exponential regex backtracking vulnerabilities. The extension performs warm-up requests, collects baselin...

5.9 AI score
Exploits 0
Packet Storm News
added 2026/01/27 12:0 a.m., 2 views

JavaScript Sensitive Information Disclosure Scanner

This tool performs automated crawling and heuristic scanning of JavaScript files linked within a target website. It identifies exposed secrets such as API keys, access tokens, cloud credentials, private keys, and database passwords that may be unintentionally published within frontend resources. ...

5.8 AI score
Exploits 0
vulnersOsv
added 2026/01/26 9:34 p.m., 2 views

aiogithubapi (=23.11.0), authsignal (=2.0.1) +7 more potentially affected by CVE-2026-24408 via sigstore (>=2.0.0rc3 <=3.6.7)

sigstore PYPI version =2.0.0rc3, =1.50.0, =0.0.1, =0.0.6, =0.1.0, =0.19.0 Source cves: CVE-2026-24408 Source advisory: OSV:GHSA-HM8F-75XX-W2VR...

5 CVSS, 5.8 AI score, 0.00007 EPSS
Exploits 0
Tenable Nessus
added 2026/01/26 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-1425

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function dnsdecoderrhead/dnsdecodeSVCBHTTPS of the file...

6.3 CVSS, 6 AI score, 0.00022 EPSS
Exploits 0, References 3
Tenable Nessus
added 2026/01/26 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-1418

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gftextimportsrtbifs of the file src/scenemanager/texttobifs.c of the...

7.8 CVSS, 4.8 AI score, 0.00015 EPSS
Exploits 1, References 3
Packet Storm
added 2026/01/26 12:0 a.m., 109 views

📄 Juniper JunOS 23.4 Module Scanner / Exploitation Framework

This PHP script is a modular scanner and exploitation framework targeting Juniper JunOS CVE‑2023‑36846, an arbitrary file upload vulnerability due to missing authentication. It is designed with a clear separation of responsibilities and supports single‑target testing, interactive exploitation, a...

5.3 CVSS, 5.9 AI score, 0.94278 EPSS
Exploits 4
RedhatCVE
added 2026/01/23 9:16 p.m., 3 views

CVE-2025-68015

Improper Control of Generation of Code 'Code Injection' vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.8.5...

9 CVSS, 5.2 AI score, 0.00092 EPSS
Exploits 0, References 1
Packet Storm
added 2026/01/23 12:0 a.m., 165 views

📄 Siklu EtherHaul EH-8010 / EH-1200 Vulnerability Scanner

This PHP-based scanner safely detects an unauthenticated remote command execution vulnerability in Siklu EtherHaul EH-8010 and EH-1200 devices by sending a non-destructive encrypted probe command and validating the response. The scanner does not alter device state and is suitable for large-scale...

9.8 CVSS, 5.8 AI score, 0.01691 EPSS
Exploits 3
Tenable Nessus
added 2026/01/23 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-67125

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A signed integer overflow in docopt.cpp v0.6.2 LeafPattern::match in docoptprivate.h when merging occurrence counters e.g., default LONGMAX + first user...

4.4 CVSS, 5.9 AI score, 0.0001 EPSS
Exploits 1, References 3
NVD
added 2026/01/22 5:16 p.m., 1 view

CVE-2025-68015

Improper Control of Generation of Code 'Code Injection' vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.8.5...

9 CVSS, 0.00092 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/01/22 4:52 p.m., 1 view

CVE-2025-68015 WordPress Event Tickets with Ticket Scanner plugin <= 2.8.3 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.8.3...

5.9 AI score, 0.00092 EPSS
Exploits 0, References 1
CVE
added 2026/01/22 4:52 p.m., 8 views

CVE-2025-68015

CVE-2025-68015 — WordPress Event Tickets with Ticket Scanner is a code injection vulnerability in Vollstart Event Tickets with Ticket Scanner. Public sources in the Connected set confirm the issue affects Event Tickets with Ticket Scanner, specifically versions up to and including 2.8.3 (n/a thro...

9 CVSS, 5.9 AI score, 0.00092 EPSS
Exploits 0, References 1
Cvelist
added 2026/01/22 4:52 p.m., 17 views

CVE-2025-68015 WordPress Event Tickets with Ticket Scanner plugin <= 2.8.5 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.8.5...

9 CVSS, 0.00092 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/01/22 4:52 p.m., 4 views

CVE-2025-68015

Improper Control of Generation of Code 'Code Injection' vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection. This issue affects Event Tickets with Ticket Scanner: from n/a through = 2.8.3...

9 CVSS, 5.4 AI score, 0.00092 EPSS
Exploits 0, References 2