CVE-2026-26291

GROWI prior to or including v7.4.6 is affected by a stored cross-site scripting vulnerability (CVE-2026-26291). The issue allows an arbitrary script to run in a victim’s browser if exploited. According to the description, this is a stored XSS affecting users, with CVSS scores: AV:N/AC:L/PR:L/UI:A...

Ubuntu: Security Advisory (USN-8169-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-39628

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...

CVE-2026-40040

Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile endpoint. Attackers can upload executable files .php5 scripts to web-accessible directories and execute th...

CVE-2026-33793

An Execution with Unnecessary Privileges vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...

CVE-2026-6227

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the blockname parameter of the /wp-json/backwpup/v1/getblock REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive strreplace sanitization of path traversal sequences. This makes it possible for...

CVE-2026-6179

Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser...

CVE-2026-6179

CVE-2026-6179 concerns a stored cross-site scripting (XSS) vulnerability in NightWolf Penetration Testing Platform. The affected entry states that an attacker can trigger and run malicious script in a user’s browser due to a stored XSS flaw, enabling impact on user-side confidentiality and integr...

CVE-2026-6179

Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser...

PT-2026-32229

Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser...

NightWolf Penetration Testing Platform 安全漏洞

NightWolf Penetration Testing Platform is an open-source cybersecurity testing tool developed by NightWolf. It is designed specifically for red teams and penetration testers, used for vulnerability exploitation, privilege escalation, and lateral movement testing. The NightWolf Penetration Testing...

PT-2026-32494

Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile endpoint. Attackers can upload executable files .php5 scripts to web-accessible directories and execute th...

cyber-punk

Cyber Punk Security Vulnerability Scanner A Claude Code plu...

Exploit for Improper Neutralization of Special Elements in Data Query Logic in Facturascripts

CVE-2026-25513: FacturaScripts has SQL Injection in API ORDER...

CVE-2026-33229

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

Cross-site Scripting (XSS)

Overview unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the streamKey configuration parameter on the streaming server-side. An attacker can execute arbitrary JavaScript code in the context of the rendered pa...

Malicious code in @genoma-ui/components (npm)

Malicious package detected. It uses pre/post install scripts to download/execute code and exfiltrate user data via curl from a hardcoded IP. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5fb9acd5bf2a73c82be9ac19b7c0cad285cfea2a4b6ff69655f61e7e4a0c26c The...

MAL-2026-2823 Malicious code in @genoma-ui/components (npm)

Malicious package detected. It uses pre/post install scripts to download/execute code and exfiltrate user data via curl from a hardcoded IP. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5fb9acd5bf2a73c82be9ac19b7c0cad285cfea2a4b6ff69655f61e7e4a0c26c The...

EUVD-2026-21095

An Execution with Unnecessary Privileges vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...

CVE-2026-33793

An Execution with Unnecessary Privileges vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...