Klog Server <=2.41 - Unauthenticated Command Injection

Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The authenticate.php file uses the user HTTP POST parameter in a call to the shellexec PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The...

WordPress Copyright Proof <=4.16 - Cross-Site-Scripting

WordPress Copyright Proof plugin 4.16 and prior contains a cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users when a specific setting is enabled. id: CVE-2022-1906...

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking...

These convincing copyright notices are designed to steal Google logins

A new scam is targeting people who publish Chrome extensions. The scam arrives as an official-looking "copyright removal request" claiming your extension is about to be removed from the Chrome Web Store and that you have 48 hours to appeal. It even looks personalized. After you enter your...

CVE-2026-49382

In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin...

CVE-2026-49382

CVE-2026-49382 affects JetBrains IntelliJ IDEA prior to 2026.1. The issue allows code execution via template injection in the Copyright plugin. This is the concrete vulnerability described across trusted sources; no exploit details are provided in the connected documents. The core root cause is t...

CVE-2026-49382

In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin...

CVE-2026-49382

In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin...

EUVD-2026-33390

In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin...

CVE-2026-49382

In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin...

JetBrains IntelliJ IDEA 安全漏洞

JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to version 2026.1 contained security vulnerabilities, which were caused by template injection in the Copyright plugin,...

PT-2026-44962

Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2026.1 Description Code execution is possible through template injection within the Copyright plugin. Template injection occurs when untrusted input is embedded into a template and executed by the...

WordPress Dynamic Copyright Year plugin <= 1.0.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Dynamic Copyright Year versions = 1.0.4...

Fake YouTube copyright notices can steal your Google login

A convincing phishing campaign is going after YouTube creators, and if it works, attackers don't just steal your Google login. They can take over your entire Google account, including Gmail, your files, and payments, then hijack your YouTube channel and use your audience to run scams. The lure is...

lab-exploit_windows-kernel

HAK CIPTA C 2026 Team bgblose. SELURUH HAK DILINDUNGI UNDANG-U...

CVE-2023-43874

Multiple Cross Site Scripting XSS vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...

CVE-2021-31651

Cross Site Scripting XSS vulnerability in neofarg-cms 0.2.3 allows remoate attacker to run arbitrary code via the copyright field in copyright settings...

CVE-2025-23870

Cross-Site Request Forgery CSRF vulnerability in wygk Copyright Safeguard Footer Notice copyright-safeguard-footer-notice allows Stored XSS.This issue affects Copyright Safeguard Footer Notice: from n/a through = 3.0...

Happy 23rd Birthday TaoSecurity Blog

Happy birthday TaoSecurity Blog, born on this day in 2003! The best way to digest the key lessons from this site is to browse my four volume Best of TaoSecurity Blog book series, published in 2020. It's available in print as seen here, or as a properly formatted HTML-based digital book -- none of...

CVE-2025-62145

Missing Authorization vulnerability in NewClarity DMCA Protection Badge dmca-badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through = 2.2.0...