18074 matches found

Nuclei
added 9 hours ago, 35 views

WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting

The Easy Forms for Mailchimp plugin before version 6.8.9 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the sqlerror parameter before outputting it back in the page when the debug option is enabled, which could allow attackers to execute...

6.1 CVSS, 6.3 AI score, 0.01092 EPSS
Exploits 2, References 2
Nuclei
added 9 hours ago, 30 views

ZEROF Web Server 2.0 - Cross-Site Scripting

ZEROF Web Server 2.0 allows /admin.back cross-site scripting. id: CVE-2022-25323 info: name: ZEROF Web Server 2.0 - Cross-Site Scripting author: pikpikcu severity: medium description: ZEROF Web Server 2.0 allows /admin.back cross-site scripting. impact: | Successful exploitation of this...

6.1 CVSS, 5.6 AI score, 0.03245 EPSS
Exploits 2, References 5
Nuclei
added 9 hours ago, 26 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4 CVSS, 5.2 AI score, 0.01331 EPSS
Exploits 1, References 2
Nuclei
added 9 hours ago, 61 views

WordPress Order Listener for WooCommerce <3.2.2 - SQL Injection

WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute...

9.8 CVSS, 8.8 AI score, 0.09792 EPSS
Exploits 2, References 5
Nuclei
added 9 hours ago, 29 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1 CVSS, 5.9 AI score, 0.57735 EPSS
Exploits 5, References 5
Nuclei
added 9 hours ago, 23 views

Schools Alert Management Script - Arbitrary File Read

Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. id: CVE-2018-12054 info: name: Schools Alert Management Script - Arbitrary File Read author: wisnupramoedya severity: high description: Schools Alert...

7.5 CVSS, 7.5 AI score, 0.39391 EPSS
Exploits 4, References 5
Nuclei
added 9 hours ago, 28 views

WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting

WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin into clicking a link to run...

6.1 CVSS, 5.7 AI score, 0.01905 EPSS
Exploits 2, References 5
Circl
added 12 hours ago, 11 views

CVE-2026-1767

creationtimestamp | type | source
---|---|---
2026-06-16 04:15:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3moewsbzgsh2n...

5.6 CVSS, 4.9 AI score
Exploits 0, References 1
Circl
added yesterday, 2 views

CVE-2016-20081

creationtimestamp | type | source
---|---|---
2026-06-15 16:19:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3modosme33v2v...

8.7 CVSS, 4.9 AI score
Exploits 0, References 1
Circl
added yesterday, 5 views

CVE-2026-5079

creationtimestamp | type | source
---|---|---
2026-06-15 14:11:08+00:00 | seen | https://bsky.app/profile/ulisesgascon.com/post/3modhmggois27
2026-06-15 16:13:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3modohbamvv2h
2026-06-15 18:01:42+00:00 | seen | ...

7.5 CVSS, 4.9 AI score
Exploits 0, References 3
Circl
added yesterday, 8 views

CVE-2026-12217

creationtimestamp | type | source
---|---|---
2026-06-15 04:30:26+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116752241414863988
2026-06-15 04:30:27+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3moch6lbnsc2i
2026-06-15 05:00:05+00:00 | seen | ...

8.5 CVSS, 7.3 AI score, 0.00111 EPSS
Exploits 0, References 4
Circl
added 2 days ago, 5 views

CVE-2026-53470

creationtimestamp | type | source
---|---|---
2026-06-14 23:16:13+00:00 | seen | https://bsky.app/profile/securitycyberuk.bsky.social/post/3mobvmpno5q2m
2026-06-15 16:31:52+00:00 | seen | https://bsky.app/profile/securitycyberuk.bsky.social/post/3modpi4b34v2k...

9.6 CVSS, 4.9 AI score, 0.00281 EPSS
Exploits 0, References 2
Circl
added 3 days ago, 6 views

CVE-2025-55660

creationtimestamp | type | source
---|---|---
2026-06-13 22:34:11+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mo7csmvpjk2f...

5.5 CVSS, 5 AI score
Exploits 0, References 1
Circl
added 3 days ago, 5 views

CVE-2026-54398

creationtimestamp | type | source
---|---|---
2026-06-13 02:14:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo56n2nt6m2j...

5.3 CVSS, 4.9 AI score, 0.0022 EPSS
Exploits 0, References 1
Positive Technologies
added 3 days ago, 7 views

PT-2026-49102

Name of the Vulnerable Software and Affected Versions: GPAC MP4Box version 2.4. Description: A floating point exception occurs in the avidmx process function within the isomedia/isom write.c file. A floating point exception is a runtime error that happens when a program attempts an illegal arithmeti...

5.2 AI score
Exploits 0, References 3
NVD
added 4 days ago, 7 views

CVE-2026-47120

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check). This issue has been patched in version 2.0.8...

7.1 CVSS, 0.00368 EPSS
Exploits 0, References 1
EUVD
added 4 days ago, 6 views

EUVD-2026-36593

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check). This issue has been patched in version 2.0.8...

7.1 CVSS, 5.2 AI score, 0.00368 EPSS
Exploits 0, References 1
Vulnrichment
added 4 days ago, 3 views

CVE-2026-47120 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check). This issue has been patched in version 2.0.8...

7.1 CVSS, 5.2 AI score, 0.00368 EPSS
Exploits 0, References 1
The Hacker News
added 4 days ago, 12 views

Rethinking MDR as Attackers and Defenders Embrace AI

For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The threat landscape ha...

5.8 AI score
Exploits 0
Snyk
added 5 days ago, 2 views

Malicious Package

Overview: @web-3d-tool/sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.4 AI score
Exploits 0, References 2