106797 matches found
WordPress plugin Hostel 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-40321
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...
OpenClaw: busybox and toybox applet execution weakened exec approval binding
Summary busybox and toybox applet execution weakened exec approval binding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.23 = 2026.4.12 Impact Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavio...
GHSA-2CQ5-MF3V-MX44 OpenClaw: busybox and toybox applet execution weakened exec approval binding
Summary busybox and toybox applet execution weakened exec approval binding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.23 = 2026.4.12 Impact Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavio...
EUVD-2026-23494
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution...
CVE-2026-40282
WeGIA web manager (used by charitable institutions) contains a Stored XSS vulnerability in versions prior to 3.6.10, exploitable by an authenticated user on the Intercorrências notification page. The attack injects JavaScript that runs when the page is accessed, enabling session hijacking and pot...
Exploit for CVE-2007-2447
Samba-CVE-2007-244...
Exploit for CVE-2007-2447
Samba CVE-2007-2447 Exploit Username Map Script Este reposi...
BadSuccessor-PoC
🛡️ Advanced BadSuccessor CVE-2025-53779 – Weaponized PoC & D...
CVE-2026-6496
A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...
Malicious code in shan-lib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f30fc6910fe03c53a74048a95f90fcd38db1b5317f3a3401ceb1bb9ea24fc704 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2026-6490 QueryMine sms GET Request Parameter deletecourse.php sql injection
A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated...
CVE-2026-28263
CVE-2026-28263 affects Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.50. It describes a cross-site scripting vulnerability that could be exploited by a high-privilege attacker with remote access, leading to script in...
Malicious code in shan-lib-poc (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f6c2f4a0560b1811eba11c9fd304f7441ab7e04f4e569e01bdfe06aba6722edb Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2026-6483
CVE-2026-6483 affects Wavlink WL-WN530H4 (firmware 20220721). The flaw is in the strcat/snprintf usage in /cgi-bin/internet.cgi, enabling remote, unauthenticated command injection with high impact (confidentiality, integrity, availability). Exploitation is feasible over the network; public exploi...
Malicious code in keystackutilities (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4b76e011fdc2ff62186e932ab958f9daf671bcc8e727dcaed74441489b229468 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Malicious code in express-security-policy (npm)
Package is malicious. It exfiltrates user/host info to a remote server with obfuscation, delayed execution, and error suppression via preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
MAL-2026-2828 Malicious code in express-security-policy (npm)
Package is malicious. It exfiltrates user/host info to a remote server with obfuscation, delayed execution, and error suppression via preinstall script. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...
MAL-2026-2830 Malicious code in renovate-config-doctolib (npm)
Malicious package due to data exfiltration via preinstall script, reading .npmrc, and sending data to a remote server. Few published versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afc7e33b7c6ea9379f973a56f94e3b8ed59f0bc746733efa7dadba31141d0cd9 The...
Malicious code in renovate-config-doctolib (npm)
Malicious package due to data exfiltration via preinstall script, reading .npmrc, and sending data to a remote server. Few published versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afc7e33b7c6ea9379f973a56f94e3b8ed59f0bc746733efa7dadba31141d0cd9 The...