Lucene search
K

85803 matches found

Circl
Circl
added yesterday8 views

GHSA-PHRQ-PC6R-F6GH

creationtimestamp| type| source ---|---|--- 2026-07-12 13:00:03+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/87589 2026-07-13 00:00:43+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/87589...

6.1AI score
Exploits0References1
Circl
Circl
added yesterday6 views

CVE-2020-10567

creationtimestamp| type| source ---|---|--- 2026-07-12 11:00:03+00:00| seen| https://t.me/GithubRedTeam/87991 2026-07-13 00:00:45+00:00| seen| https://t.me/GithubRedTeam/87991...

9.8CVSS7AI score0.1929EPSS
Exploits5References1
Circl
Circl
added yesterday9 views

CVE-2019-10760

creationtimestamp| type| source ---|---|--- 2026-07-12 07:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/88242 2026-07-13 00:00:49+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/88242...

9.9CVSS7AI score0.02852EPSS
Exploits0References1
Circl
Circl
added yesterday6 views

CVE-2024-1065

creationtimestamp| type| source ---|---|--- 2026-07-12 06:00:04+00:00| published-proof-of-concept| https://t.me/cKure/16512 2026-07-12 07:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/88211 2026-07-13 00:00:49+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/882...

5.9CVSS6.4AI score0.0021EPSS
Exploits0References2
CVE
CVE
added 2 days ago7 views

CVE-2026-7620

CVE-2026-7620 affects the WordPress plugin Notification for Telegram (versions up to 3.5.1). The issue is an authorization bypass that allows authenticated attackers with subscriber-level access and above to create, modify, or reschedule the nftb_cron_hook WordPress cron event, enabling unauthori...

4.3CVSS6AI score0.00272EPSS
Exploits0References11
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43131

The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS6AI score0.00272EPSS
Exploits0References11
CVE
CVE
added 3 days ago8 views

CVE-2026-59155

Nezha Monitoring (self-hosted) had a credential exposure flaw prior to version 2.2.5. The GET endpoints /api/v1/ddns and /api/v1/notification returned full resource objects that included plaintext third-party API credentials (Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram ...

6.9CVSS6.1AI score0.00304EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago6 views

Malicious code in stella-coder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0c3ed879ef15a68d537ad7b6ddb59508aba58eee49c8ca19b916ef59a0c2da6 stella-cli/telegram-bot.mjs hardcodes a Telegram bot API token BOTTOKEN = "8923551485:AAFw4wG8ZwOtp5rzFsnguxhu4AH-2ebSi0" that is controlled by the...

6.2AI score
Exploits0References7
NVD
NVD
added 3 days ago11 views

CVE-2026-15298

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS0.00314EPSS
Exploits0References8
CVE
CVE
added 3 days ago7 views

CVE-2026-15298

The TelSender WordPress plugin (

7.2CVSS6AI score0.00314EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42805

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS6AI score0.00314EPSS
Exploits0References8
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-15298 TelSender <= 1.14.14 - Unauthenticated Stored Cross-Site Scripting via Telegram Chat Title

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS0.00314EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-15298

The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...

7.2CVSS6AI score0.00314EPSS
Exploits0References9
Circl
Circl
added 4 days ago7 views

CVE-2021-28133

creationtimestamp| type| source ---|---|--- 2026-07-09 23:00:03+00:00| seen| Telegram/faoHppRwIlCS4bU-FDor3oyE0-orUb1-sGk1UcKelvuA 2026-07-10 00:00:10+00:00| seen| Telegram/faoHppRwIlCS4bU-FDor3oyE0-orUb1-sGk1UcKelvuA 2026-07-11 09:00:05+00:00| seen|...

4.3CVSS6.2AI score0.16289EPSS
Exploits2
Circl
Circl
added 4 days ago9 views

CVE-2025-4798

creationtimestamp| type| source ---|---|--- 2026-07-09 04:00:07+00:00| seen| https://t.me/brutsecurity/2000 2026-07-10 00:00:31+00:00| seen| https://t.me/brutsecurity/2000 2026-07-11 12:00:03+00:00| seen| https://t.me/brutsecurity/2000 2026-07-12 00:00:49+00:00| seen| https://t.me/brutsecurity/20...

4.9CVSS6.1AI score0.00355EPSS
Exploits0References1
Circl
Circl
added 4 days ago6 views

GHSA-6FX6-WRPF-CPGV

creationtimestamp| type| source ---|---|--- 2026-07-09 03:00:12+00:00| seen| https://t.me/brutsecurity/1014 2026-07-10 00:00:36+00:00| seen| https://t.me/brutsecurity/1014 2026-07-11 17:00:04+00:00| seen| https://t.me/brutsecurity/1014 2026-07-12 00:00:45+00:00| seen| https://t.me/brutsecurity/10...

6.1AI score
Exploits0References1
Circl
Circl
added 4 days ago6 views

GHSA-GV7V-RGG6-548H

creationtimestamp| type| source ---|---|--- 2026-07-09 03:00:12+00:00| seen| https://t.me/brutsecurity/1117 2026-07-10 00:00:35+00:00| seen| https://t.me/brutsecurity/1117 2026-07-11 16:00:02+00:00| published-proof-of-concept| https://t.me/brutsecurity/1117 2026-07-12 00:00:45+00:00|...

6.1AI score
Exploits0References1
Circl
Circl
added last week11 views

CVE-2024-28996

creationtimestamp| type| source ---|---|--- 2026-07-06 12:00:06+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-07 00:00:11+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-11 23:00:04+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-12 00:00:19+00:00| seen| https://t.me/ZerodayAlert/249...

7.5CVSS6.8AI score0.00349EPSS
Exploits0References1
Circl
Circl
added last week5 views

CVE-2024-29004

creationtimestamp| type| source ---|---|--- 2026-07-06 11:00:06+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-07 00:00:11+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-11 23:00:04+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-12 00:00:19+00:00| seen| https://t.me/ZerodayAlert/249...

7.1CVSS6.7AI score0.0032EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/07/03 1:36 p.m.8 views

Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individuals with targeted...

7.8CVSS7.7AI score0.63102EPSS
Exploits3
Rows per page
Query Builder