Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution...
PT-2026-42199
A flaw was found in Keycloak. The cross-session verification proof is keyed only by the local userId and idpAlias and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account...
CVE-2026-44284 FastGPT: Stored MCP tool URL SSRF in FastGPT workflow execution
FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected internal/private network URLs, but the MCP tool create/update endpoints could still save an internal...
CVE-2026-0797 GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...
CVE-2022-38979
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality...
CodeAstro Real Estate Management System SQL Injection Vulnerability
CodeAstro Real Estate Management System is a real estate management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Real Estate Management System version 1.0, which stems from incorrect manipulation of parameters in the file /admin/userbuilderdelete.php, which could lead ...
EUVD-2020-0028
Malware in sbrugna...
EUVD-2021-26880
Malware in sbrugna...
EUVD-2017-2596
Malware in sbrugna...
EUVD-2022-5591
Malicious code in bioql PyPI...
CVE-2025-58873
CVE-2025-58873 affects the WordPress plugin Pushe Web Push Notification (versions up to 0.5.0). The issue is a Stored XSS caused by improper input neutralization during web page generation, enabling XSS via user-supplied data. Public sources provide the root cause and affected versions but do not...
Linux Distros Unpatched Vulnerability : CVE-2021-2475
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily...
PT-2025-33318 · Cisco · Cisco Secure Firewall Management Center (Fmc)
Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center (FMC) Software; affected versions not specified. Description: A flaw exists in the web-based management interface of Cisco Secure Firewall Management Center FMC Software that could allow a remote attacker...
Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2x5j-vhc8-9cwm. This link is maintained to preserve external references. Original Description A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to...
PT-2025-30868
Name of the Vulnerable Software and Affected Versions: Linux kernel; affected versions not specified. Description: The Linux kernel contains a flaw in the ALSA subsystem related to the ad1816a driver. A potential NULL pointer dereference exists in the snd_card_ad1816a_pnp function. The issue is...
CVE-2022-1663
The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request...
PT-2025-18208 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak; affected versions not specified. Description: A flaw was found in Keycloak, specifically in the org.keycloak.authorization package, which may be vulnerable to circumventing required actions. This allows users to bypass requirements su...
CVE-2025-32911 Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
PT-2025-29038
Name of the Vulnerable Software and Affected Versions: Linux kernel; affected versions not specified. Description: A flaw was identified in the Linux kernel's perf subsystem, specifically within the arm-ni component. The issue stems from a missing call to platform_set_drvdata in the arm_ni_probe...
PT-2025-13262
Name of the Vulnerable Software and Affected Versions: gnuplot; affected versions not specified. Description: A flaw was found in the software, specifically in the X11 graphics function, which may lead to a segmentation fault and cause a system crash. Recommendations: At the moment, there is no...