Lucene search
K

5695 matches found

Metasploit
Metasploit
added yesterday7 views

FTP Fetch, Windows MessageBox x64

Fetch and execute an x64 payload from an FTP server. Spawn a dialog via MessageBox using a customizable title, text & icon Module Options msf use payload/cmd/windows/ftp/x64/messagebox msf payloadmessagebox show actions ...actions... msf payloadmessagebox set ACTION msf payloadmessagebox show...

6.2AI score
Exploits0
Metasploit
Metasploit
added yesterday8 views

FTP Fetch

Fetch and execute an x86 payload from an FTP server. Module Options msf use payload/cmd/windows/ftp/x86/loadlibrary msf payloadloadlibrary show actions ...actions... msf payloadloadlibrary set ACTION msf payloadloadlibrary show options ...show and set options... msf payloadloadlibrary run...

6.2AI score
Exploits0
NVD
NVD
added yesterday6 views

CVE-2026-11992

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS0.0028EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-11992

The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.12.27. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with author-level...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References10
Nuclei
Nuclei
added yesterday58 views

AeroCMS 0.1.1 - SQL Injection

AeroCMS 0.1.1 contains a SQL injection caused by unsanitized author parameter, letting attackers execute arbitrary SQL commands, exploit requires crafted author input. id: CVE-2022-38812 info: name: AeroCMS 0.1.1 - SQL Injection author: shivampand3y severity: medium description: | AeroCMS 0.1.1...

6.5CVSS6.8AI score0.02181EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday20 views

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

7.5CVSS6AI score0.01473EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago4 views

Malicious code in cookie-parser-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6c2bd7c1b5b363e72753401f6edebf816965a625227e6523210e4620ce9bb8a cookie-parser-js impersonates the widely used cookie-parser package: it copies TJ Holowaychuk / Doug Wilson author metadata, the description, the...

6.6AI score
Exploits0References7
NVD
NVD
added 2 days ago8 views

CVE-2026-12428

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS0.00285EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-12428

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS6.1AI score0.00285EPSS
Exploits0References9
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-12428 Blocks for ACF Fields <= 1.6.2 - Missing Authorization to Authenticated (Author+) Arbitrary ACF Field Value Disclosure via 'id' Parameter

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS0.00285EPSS
Exploits0References8
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-42568

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS6.1AI score0.00285EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-42228

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on event titles sourced...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References3
NVD
NVD
added 4 days ago8 views

CVE-2026-6101

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS0.00646EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-6101 AMP for WP <= 1.1.12 - Authenticated (Author+) Arbitrary File Write via Role-Based Access Configuration with Local Font Upload

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS0.00646EPSS
Exploits0References10
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42041

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References10
CVE
CVE
added 4 days ago11 views

CVE-2026-6101

The CVE-2026-6101 entry affects the AMP for WP – Accelerated Mobile Pages WordPress plugin (versions up to and including 1.1.12). The vulnerability arises from unsafe ZIP extraction in ampforwp_save_local_font() plus inadequate cleanup that omits removal of nested directories/files, enabling auth...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References10
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-33264 Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerialization.deserialize()

A bug in BaseSerialization.deserialize allowed unrestricted importstring of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossin...

0.01649EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 5 days ago8 views

Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID

Summary UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob payload without verifying it belongs to the workspace being built. CompleteJob runs under dbauthz.AsProvisionerd so the authorization...

8.7CVSS5.9AI score0.00508EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago10 views

PT-2026-56073

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists where the UpsertWorkspaceApp function overwrites an existing application's agent id during...

8.7CVSS5.9AI score0.00508EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/07/03 6:50 a.m.5 views

CVE-2026-9148

The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, 7.6.56 This is due to insufficient output escaping in the getCommentAuthor function, which interpolates the stored commentauthorurl...

7.2CVSS6.1AI score0.00305EPSS
Exploits0References12
Rows per page
Query Builder