CVE-2026-8606

A Server-Side Request Forgery (SSRF) in GitHub Enterprise Server was exposed via the security advisories package lookup endpoint, allowing an attacker to issue HTTP requests to internal services. By directing requests to an internal management service and measuring response timing, an attacker co...

EUVD-2026-9700

Missing Authorization vulnerability in BrainstormForce Ultimate Addons for WPBakery Page Builder ultimatevcaddons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through = 3.21.1...

CVE-2026-28038 WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.21.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in BrainstormForce Ultimate Addons for WPBakery Page Builder ultimatevcaddons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through = 3.21.1...

CVE-2026-28038

CVE-2026-28038 : WordPress plugin Ultimate Addons for WPBakery Page Builder (versions

WordPress plugin Ultimate Addons for WPBakery Page Builder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

PT-2026-23320

Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder ultimate vc addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through = 3.21.1...

WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.21.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions = 3.21.1...

CVE-2026-26068

emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata Transport, Hostname is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

CVE-2026-26068

emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata Transport, Hostname is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code...

CVE-2026-26068 emp3r0r Agent-Controlled Metadata to Operator RCE (tmux Command Injection)

emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata Transport, Hostname is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code...

CVE-2026-26068

CVE-2026-26068 concerns emp3r0r, a Linux-focused C2. Before 3.21.1, untrusted agent metadata (Transport, Hostname) accepted during check-in and interpolated into tmux shell commands executed via /bin/sh -c, enabling command injection and remote code execution on the operator host. The issue is fi...

PT-2026-7913

Name of the Vulnerable Software and Affected Versions emp3r0r versions prior to 3.21.1 Description emp3r0r is a command and control C2 tool designed for Linux environments. Versions prior to 3.21.1 accept untrusted agent metadata, specifically Transport and Hostname, during the check-in process...

EUVD-2025-36063

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows Stored XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.1...

CVE-2025-48088 WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows Stored XSS.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.1...

EUVD-2025-34710

The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 exclusive due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions 3.21.1...

EUVD-2020-4095

Malware in sbrugna...

CVE-2025-48281

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection.This issue affects MyStyle Custom Product Designer: from n/a through = 3.21.1...