85803 matches found
GHSA-PHRQ-PC6R-F6GH
creationtimestamp| type| source ---|---|--- 2026-07-12 13:00:03+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/87589 2026-07-13 00:00:43+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/87589...
CVE-2020-10567
creationtimestamp| type| source ---|---|--- 2026-07-12 11:00:03+00:00| seen| https://t.me/GithubRedTeam/87991 2026-07-13 00:00:45+00:00| seen| https://t.me/GithubRedTeam/87991...
CVE-2019-10760
creationtimestamp| type| source ---|---|--- 2026-07-12 07:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/88242 2026-07-13 00:00:49+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/88242...
CVE-2024-1065
creationtimestamp| type| source ---|---|--- 2026-07-12 06:00:04+00:00| published-proof-of-concept| https://t.me/cKure/16512 2026-07-12 07:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/88211 2026-07-13 00:00:49+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/882...
CVE-2026-7620
CVE-2026-7620 affects the WordPress plugin Notification for Telegram (versions up to 3.5.1). The issue is an authorization bypass that allows authenticated attackers with subscriber-level access and above to create, modify, or reschedule the nftb_cron_hook WordPress cron event, enabling unauthori...
EUVD-2026-43131
The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.5.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-59155
Nezha Monitoring (self-hosted) had a credential exposure flaw prior to version 2.2.5. The GET endpoints /api/v1/ddns and /api/v1/notification returned full resource objects that included plaintext third-party API credentials (Cloudflare API tokens, TencentCloud SecretKeys, Slack/Discord/Telegram ...
Malicious code in stella-coder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f0c3ed879ef15a68d537ad7b6ddb59508aba58eee49c8ca19b916ef59a0c2da6 stella-cli/telegram-bot.mjs hardcodes a Telegram bot API token BOTTOKEN = "8923551485:AAFw4wG8ZwOtp5rzFsnguxhu4AH-2ebSi0" that is controlled by the...
CVE-2026-15298
The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...
CVE-2026-15298
The TelSender WordPress plugin (
EUVD-2026-42805
The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...
CVE-2026-15298 TelSender <= 1.14.14 - Unauthenticated Stored Cross-Site Scripting via Telegram Chat Title
The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...
CVE-2026-15298
The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versions up to, and including, 1.14.14. This is due to insufficient input sanitization when processing Telegram API responses containing attacker-controlled chat titles. This makes it possible for...
CVE-2021-28133
creationtimestamp| type| source ---|---|--- 2026-07-09 23:00:03+00:00| seen| Telegram/faoHppRwIlCS4bU-FDor3oyE0-orUb1-sGk1UcKelvuA 2026-07-10 00:00:10+00:00| seen| Telegram/faoHppRwIlCS4bU-FDor3oyE0-orUb1-sGk1UcKelvuA 2026-07-11 09:00:05+00:00| seen|...
CVE-2025-4798
creationtimestamp| type| source ---|---|--- 2026-07-09 04:00:07+00:00| seen| https://t.me/brutsecurity/2000 2026-07-10 00:00:31+00:00| seen| https://t.me/brutsecurity/2000 2026-07-11 12:00:03+00:00| seen| https://t.me/brutsecurity/2000 2026-07-12 00:00:49+00:00| seen| https://t.me/brutsecurity/20...
GHSA-6FX6-WRPF-CPGV
creationtimestamp| type| source ---|---|--- 2026-07-09 03:00:12+00:00| seen| https://t.me/brutsecurity/1014 2026-07-10 00:00:36+00:00| seen| https://t.me/brutsecurity/1014 2026-07-11 17:00:04+00:00| seen| https://t.me/brutsecurity/1014 2026-07-12 00:00:45+00:00| seen| https://t.me/brutsecurity/10...
GHSA-GV7V-RGG6-548H
creationtimestamp| type| source ---|---|--- 2026-07-09 03:00:12+00:00| seen| https://t.me/brutsecurity/1117 2026-07-10 00:00:35+00:00| seen| https://t.me/brutsecurity/1117 2026-07-11 16:00:02+00:00| published-proof-of-concept| https://t.me/brutsecurity/1117 2026-07-12 00:00:45+00:00|...
CVE-2024-28996
creationtimestamp| type| source ---|---|--- 2026-07-06 12:00:06+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-07 00:00:11+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-11 23:00:04+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-12 00:00:19+00:00| seen| https://t.me/ZerodayAlert/249...
CVE-2024-29004
creationtimestamp| type| source ---|---|--- 2026-07-06 11:00:06+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-07 00:00:11+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-11 23:00:04+00:00| seen| https://t.me/ZerodayAlert/249 2026-07-12 00:00:19+00:00| seen| https://t.me/ZerodayAlert/249...
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individuals with targeted...