Lucene search
K

145 matches found

Nuclei
Nuclei
added 2 days ago19 views

WordPress Burst Statistics 3.4.0-3.4.1.1 - Authentication Bypass

Burst Statistics – Privacy-Friendly WordPress Analytics plugin 3.4.0 to 3.4.1.1 contains an authentication bypass caused by incorrect return-value handling in ismainwpauthenticated function, letting unauthenticated attackers impersonate administrators, exploit requires knowledge of an administrat...

9.8CVSS5.8AI score0.14608EPSS
Exploits10References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in unbound

The DNS protocol in RFC 1035 and its updates allows remote attackers to cause a denial of service resource consumption by arranging for DNS queries to be accumulated over seconds. As a result, responses are sent in a pulsing burst, which can be considered traffic amplification in some cases. This...

7.5CVSS6.5AI score0.01729EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: Converted the raw to noinc versions of regmap functions for FIFO operations. The SC16IS7XX IC supports a burst mode for accessing FIFOs, where the initial register address is sent first $00$, followed by all th...

5.5CVSS5.8AI score0.00289EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/06/08 12:0 a.m.49 views

📄 WordPress Burst Statistics 3.4.1.1 Authentication Bypass

WordPress Burst Statistics plugin versions 3.4.0 through 3.4.1.1 authentication bypass to administrative takeover exploitation framework. ================================================================================================================================== | Title : WordPress 3.4.1.1...

9.8CVSS5.4AI score0.14608EPSS
Exploits10
Wordfence Blog
Wordfence Blog
added 2026/06/02 4:36 p.m.11 views

Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin

On May 13th, 2026, we publicly disclosed a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with 200,000 active installations. This vulnerability can be leveraged by unauthenticated attackers, with knowledge of an administrator username, to impersonate that...

9.8CVSS5.8AI score0.14608EPSS
Exploits10
EUVD
EUVD
added 2026/05/27 3:33 p.m.10 views

EUVD-2026-32337

In the Linux kernel, the following vulnerability has been resolved: tpm: st33zp24: Fix missing cleanup on getburstcount error getburstcount can return -EBUSY on timeout. When this happens, st33zp24send returns directly without releasing the locality acquired earlier. Use goto outerr to ensure...

5.8AI score0.00163EPSS
Exploits0References9
NVD
NVD
added 2026/05/27 2:17 p.m.10 views

CVE-2026-45941

In the Linux kernel, the following vulnerability has been resolved: tpm: tpmi2cinfineon: Fix locality leak on getburstcount failure getburstcount can return -EBUSY on timeout. When this happens, the function returns directly without releasing the locality that was acquired at the beginning of...

5.5CVSS0.00123EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/27 12:17 p.m.35 views

CVE-2026-45941 tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure

In the Linux kernel, the following vulnerability has been resolved: tpm: tpmi2cinfineon: Fix locality leak on getburstcount failure getburstcount can return -EBUSY on timeout. When this happens, the function returns directly without releasing the locality that was acquired at the beginning of...

0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/05/27 12:17 p.m.19 views

CVE-2026-45941

CVE-2026-45941 concerns the Linux kernel tpm_i2c_infineon locality handling. The root cause is a timeout in get_burstcount() that can return -EBUSY and cause the function to exit without releasing the locality acquired earlier in tpm_tis_i2c_send(), risking resource exhaustion. The mitigation acr...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-43808

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locality leak occurs in the tpm i2c infineon component. When the get burstcount function returns -EBUSY due to a timeout, it exits immediately without releasing the locality previously...

5.4AI score0.00123EPSS
Exploits0References17
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the getburstcount function in tpm/tpmi2cinfineon. When this function returns -EBUSY due to timeout, the...

5.8AI score0.00123EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the st33zp24 TPM driver. This vulnerability occurs when the getburstcount function returns an...

5.8AI score0.00163EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2026/05/22 5:5 p.m.100 views

Exploit for CVE-2026-8181

CVE-2026-8181 — Burst Statistics 3.4.0 – 3.4.1.1 — Authenticat...

9.8CVSS5.9AI score0.14608EPSS
Exploits10
RedHat Linux
RedHat Linux
added 2026/05/19 1:52 p.m.12 views

unbound: DNSBomb vulnerability

A DNSBomb flaw was found in the unbound package. The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the...

7.5CVSS6.9AI score0.01729EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/19 9:14 a.m.13 views

unbound: DNSBomb vulnerability

A DNSBomb flaw was found in the unbound package. The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the...

7.5CVSS6.9AI score0.01729EPSS
Exploits0References5
OSV
OSV
added 2026/05/19 12:0 a.m.18 views

MAL-2026-3913 Malicious code in @antv/g-compat (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/05/19 12:0 a.m.11 views

MAL-2026-4132 Malicious code in echarts-for-react (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/19 12:0 a.m.7 views

MAL-2026-3895 Malicious code in @antv/f2-react (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/19 12:0 a.m.9 views

MAL-2026-3990 Malicious code in @antv/g6-mobile (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/17 9:47 p.m.102 views

Exploit for CVE-2026-8181

CVE-2026-8181 Burst Statistics | Authentication Bypass to Admi...

9.8CVSS5.8AI score0.14608EPSS
Exploits10
Rows per page
Query Builder