IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

CVE-2026-12183

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability CWE-287 in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 administrator in response to any HTTP POST request that supplie...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Gitlab

CVE-2025-4524...

Exploit for Embedded Malicious Code in Tukaani Xz

XZ Backdoor Labs CVE-2024-3094 Safe, hands-on labs for...

Exploit for CVE-2026-11417

CVE-2026-11417-AWS-CDK-RCE Techn...

Exploit for CVE-2026-1555

CVE-2026-1555: Unauthenticated Arbitrary File Upload in WebSta...

CVE-2026-5513

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-44786

creationtimestamp| type| source ---|---|--- 2026-06-13 12:12:08+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mo6a2d7wgh2f...

Exploit for CVE-2026-48907

CVE-2026-48907 Description هذا الملف CVE-2025-9209.py هو أداة...

ROOT-APP-NPM-CVE-2021-3918 CVE-2021-3918 in @rootio/json-schema - Patched by Root

Root has patched CVE-2021-3918 in the @rootio/json-schema package for Root:npm. Multiple fixed versions available...

Exploit for CVE-2026-6279

C...

Exploit for CVE-2026-6279

Description This Python script is an exploit tool for CVE-2026-6...

CVE-2026-5513

The Bookly WordPress plugin (Online Scheduling and Appointment Booking System) is vulnerable to Stored XSS in versions up to 27.2 via the bookly-customer-full-name cookie due to insufficient input sanitization and output escaping. Unauthenticated attackers can inject arbitrary scripts that execut...

CVE-2026-5513 Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for...

Exploit for Code Injection in Exiftool_Project Exiftool

CVE-2021-22204 - ExifTool Arbitrary Code Execution An upgrade...

Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin

CVE-2021-21425 - GravCMS Unauthenticated RCE Unauthenticated...

CVE-2026-9134

creationtimestamp| type| source ---|---|--- 2026-06-13 09:48:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo5xyvp7al2o...

CVE-2026-9109

creationtimestamp| type| source ---|---|--- 2026-06-13 09:00:25+00:00| seen| https://infosec.exchange/users/offseq/statuses/116741978443656575 2026-06-13 09:01:21+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mo5vdj745l2x 2026-06-13 09:44:36+00:00| seen|...

CVE-2026-1291

CVE-2026-1291 concerns the Meow Gallery WordPress plugin. A missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/save_shortcode allows authenticated users with Author-level access or higher to arbitrarily create or overwrite gallery shortcode records by supplying a user-cont...

EUVD-2026-36649

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint /wp-json/meow-gallery/v1/saveshortcode in all versions up to, and including, 5.4.4 This makes it possible for authenticated attackers, with...