4989 matches found
CVE-2026-6803 AI Chatbot & Workflow Automation by AIWU <= 1.4.12 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via AJAX Actions 'removeGroup' and 'clear'
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This is due to missing capability checks and nonce verification on AJAX actions registered under both wpajax and wpajaxnopriv hooks, as the base...
EUVD-2026-43090
vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...
EUVD-2026-43093
vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions:...
EUVD-2026-43091
vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...
EUVD-2026-43089
vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...
CVE-2026-15087
vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...
CVE-2026-11915
vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...
CVE-2026-11915
The CVE-2026-11915 entry concerns Drupal Brute force attack protection where a vulnerability exists in the Brute force attack protection module affecting versions . . The NVD/NVDC and related records describe the issue as a vulnerability in the Drupal brute-force protection mechanism with impact ...
FTP Fetch, Windows Command Shell, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an FTP server. Spawn a piped command shell staged. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options This module requires Metasploit: https://metasploit.com/download Current source:...
FTP Fetch, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an FTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options...
FTP Fetch, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an FTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule...
FTP Fetch, Windows Upload/Execute, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an FTP server. Uploads an executable and runs it staged. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options This module requires Metasploit: https://metasploit.com/download Current source:...
FTP Fetch, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an FTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule...
FTP Fetch, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an FTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule...
FTP Fetch, Windows shellcode stage, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an FTP server. Custom shellcode stage. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
FTP Fetch, Reverse All-Port TCP Stager
Fetch and execute an x86 payload from an FTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options...
CVE-2026-55783 NanaZip: NULL pointer dereference in Extract() of all seven NanaZip custom archive handlers when extracting/testing the whole archive
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...
CVE-2026-56765
Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...
CVE-2026-56765 Vikunja - Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR
Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...
CVE-2026-11992 Easy Appointments <= 3.12.27 - Missing Authorization to Authenticated (Author+) Bulk Appointment Manipulation
The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...