Lucene search
+L

308320 matches found

GithubExploit
GithubExploit
added yesterday8 views

Exploit for CVE-2026-63030

wp2shell-poc Proof-of-concept for an unauthenticated SQL inje...

7.5CVSS6.9AI score
Exploits7
Wordfence Blog
Wordfence Blog
added yesterday6 views

PSA: WordPress Core Patched Unauthenticated Remote Code Execution Vulnerability Chain

On July 17, 2026, the WordPress Security Team released updates to WordPress core addressing two security vulnerabilities. The first is an unauthenticated SQL injection vulnerability identified as CVE-2026-60137, while the second can be chained with the SQL injection to increase its impact to...

9.1CVSS7.2AI score
Exploits7
NVD
NVD
added yesterday7 views

CVE-2026-52203

An issue in MCMS v.6.1.1 allows a remote attacker to obtain sensitive information via the source parameter...

Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-44891

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...

7.5CVSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added yesterday1 views

Security Bulletin:Multiple security vulnerabilities in IBM Process Automation Manager Open Edition Starter Kit for Banking

Summary In addition to many updates of operating system level packages, Multiple vulnerabilities were addressed in IBM Process Automation Manager Open Edition Starter Kit for Banking -9.4.2 Vulnerability Details CVEID:CVE-2026-13676 DESCRIPTION: fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fai...

9.1CVSS0.62368EPSS
Exploits2Affected Software1
GithubExploit
GithubExploit
added yesterday12 views

Exploit for CVE-2026-63030

wp2shell-poc Proof-of-concept for an unauthenticated SQL inje...

7.5CVSS6.8AI score
Exploits7
NVD
NVD
added yesterday4 views

CVE-2026-8056

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the parameter filtering mechanism within the applytweaks function...

8.8CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-60137

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

9.1CVSS
Exploits4References2
NVD
NVD
added yesterday3 views

CVE-2026-44974

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS0.00052EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday9 views

CVE-2026-44891 Netty: Denial of Service via Unbounded Headers in StompSubframeDecoder

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...

7.5CVSS
Exploits0References7
EUVD
EUVD
added yesterday4 views

EUVD-2026-45316

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...

7.5CVSS5.3AI score
Exploits0References7
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-44891

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...

7.5CVSS5.3AI score
Exploits0References8Affected Software1
CVE
CVE
added yesterday39 views

CVE-2026-44891

CVE-2026-44891 affects Netty’s StompSubframeDecoder. Prior to 4.1.136.Final and 4.2.16.Final, StompSubframeDecoder does not cap total headers or cumulative size per frame; maxLineLength only bounds individual header lines. An attacker can submit many small headers that accumulate in DefaultStompH...

7.5CVSS5.3AI score
Exploits0References7
CVE
CVE
added yesterday38 views

CVE-2026-44974

CVE-2026-44974 affects the @hapi/content header parser. Before v6.0.2, Content.disposition() kept the last value for duplicate parameters while Content.type() kept the first for duplicate charset/boundary parameters, creating a parameter-smuggling primitive when duplicates are resolved inconsiste...

7.7CVSS5.2AI score0.00052EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday9 views

CVE-2026-44974 Parameter smuggling in @hapi/content header parser allows upload-filter bypass via duplicate parameters

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS0.00052EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-45313

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS5.2AI score0.00052EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-44974

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS5.2AI score0.00052EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-60137

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

9.1CVSS5.8AI score
Exploits4References3Affected Software1
EUVD
EUVD
added yesterday6 views

EUVD-2026-45279

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

9.1CVSS5.8AI score
Exploits4References2
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-60137 WordPress < 7.0.2 - Facilitated SQL Injection via author__not_in in WP_Query

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

5.9AI score
Exploits4References2
Rows per page
Query Builder