20 matches found
CVE-2026-40098
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public...
CVE-2026-40488
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS uses an incomplete...
EUVD-2026-23904
OpenMage LTS: Customer File Upload Extension Blocklist Bypass → Remote Code Execution...
EUVD-2026-23903
OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure...
CVE-2026-40488 OpenMage LTS has Customer File Upload Extension Blocklist Bypass that Leads to Remote Code Execution
Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the product custom option file upload in OpenMage LTS uses an incomplete...
CVE-2026-40488
OpenMage LTS (Magento LTS) before 20.17.0 uses an incomplete blocklist (forbidden_extensions = php,exe) for custom option file uploads. This can be bypassed by using alternative PHP executable extensions such as .phtml, .phar, .php3, .php4, .php5, .php7, and .pht, allowing files to be uploaded to...
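The entry above describes the general failure mode of extension blocklists: the server enumerates the extensions it knows are dangerous and lets everything else through, so any executable extension the list forgot (or a double extension a handler still maps to PHP) passes. The following added example, written for this page and not taken from OpenMage, puts the advisory's blocklist (`php,exe`) beside an allowlist check of the kind a custom-option upload should use. The allowlist contents, the function names and the sample filenames are assumptions constructed for the illustration; the bypass extensions are the ones the advisory names.

```python
"""Blocklist vs allowlist validation of user-supplied upload filenames.

Added illustration, not OpenMage code. FORBIDDEN_EXTENSIONS and
PHP_BYPASS_EXTENSIONS come from the advisory text; ALLOWED_EXTENSIONS,
the function names and the sample filenames are constructed here.
"""
import os
import re

# The incomplete blocklist the advisory describes (forbidden_extensions = php,exe).
FORBIDDEN_EXTENSIONS = {"php", "exe"}

# Alternative PHP-executable extensions the advisory lists as bypasses.
PHP_BYPASS_EXTENSIONS = ["phtml", "phar", "php3", "php4", "php5", "php7", "pht"]

# Hypothetical allowlist for an upload field that expects images or PDFs.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}


def blocklist_allows(filename):
    """Vulnerable check: accept unless the LAST extension is on the blocklist."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    return ext not in FORBIDDEN_EXTENSIONS


def allowlist_allows(filename):
    """Hardened check: a bare file name with exactly one extension, and that
    extension must be on the allowlist. Rejects path components, NUL bytes,
    unknown extensions and double extensions such as shell.php.jpg."""
    if "\x00" in filename or os.path.basename(filename) != filename:
        return False
    parts = filename.lower().split(".")
    if len(parts) != 2:  # exactly one extension
        return False
    stem, ext = parts
    return bool(re.fullmatch(r"[a-z0-9_-]{1,64}", stem)) and ext in ALLOWED_EXTENSIONS


def bypass_filenames(stem="shell"):
    """Constructed candidate names that the blocklist accepts but a PHP host may
    execute: the advisory's alternative extensions, plus a double extension that
    some handler configurations still map to PHP (server-configuration dependent)."""
    candidates = [stem + "." + ext for ext in PHP_BYPASS_EXTENSIONS]
    candidates.append(stem + ".php.jpg")
    return [name for name in candidates if blocklist_allows(name)]


if __name__ == "__main__":
    for name in ["photo.jpg", "shell.php", "shell.phtml", "shell.php.jpg", "../photo.jpg"]:
        print(f"{name:16} blocklist={blocklist_allows(name)!s:5} allowlist={allowlist_allows(name)}")
    print("passes blocklist:", bypass_filenames())
```

Beyond the name check, the stored file should get a server-generated name and live outside the web root (or in a directory with script execution disabled), so that a forgotten extension never becomes a shell even if the validation regresses.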
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on...
EUVD-2023-32116
Malicious code in bioql PyPI...
CVE-2023-28420
Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom Options Plus plugin <= 1.8.1 versions...
GHSA-PQ2G-WX69-C263 Netplex Json-smart Uncontrolled Recursion vulnerability
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input containing a large number of ’{’ characters, a stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for...
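The entry above names the mechanism: a recursive-descent parser with no bound on nesting depth descends one stack frame per ’{’, so a long run of opening braces exhausts the stack before any syntax error is raised. The added example below, written for this page and not taken from json-smart (which is Java), shows the class of guard that was missing: a linear pre-scan that measures bracket depth (skipping brackets inside string literals) and rejects input above a configured limit before the recursive parser sees it. `MAX_DEPTH`, the function names and the sample inputs are assumptions constructed for the illustration.

```python
"""Bounding JSON nesting depth before handing input to a recursive parser.

Added illustration, not json-smart code. MAX_DEPTH is a hypothetical limit;
choose one comfortably below the runtime's stack budget for the parser in use.
"""
import json

MAX_DEPTH = 64  # hypothetical limit for this example


def nesting_depth(text):
    """Maximum nesting depth of '{' / '[' in `text`, ignoring brackets that
    appear inside JSON string literals (backslash escapes handled). Runs in
    O(n) with constant stack, so it cannot itself be exhausted by the input."""
    depth = max_depth = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
            continue
        if ch == '"':
            in_string = True
        elif ch in "{[":
            depth += 1
            if depth > max_depth:
                max_depth = depth
        elif ch in "}]":
            depth -= 1
    return max_depth


def is_within_limit(text, max_depth=MAX_DEPTH):
    """True when the input's nesting depth does not exceed max_depth."""
    return nesting_depth(text) <= max_depth


def safe_loads(text, max_depth=MAX_DEPTH):
    """Reject over-deep input with a predictable ValueError instead of letting
    the recursive parser blow the stack; otherwise delegate to json.loads."""
    if not is_within_limit(text, max_depth):
        raise ValueError(f"JSON nesting depth exceeds {max_depth}")
    return json.loads(text)


if __name__ == "__main__":
    # Constructed payload of the shape the advisory describes: many opening braces.
    crafted = "{" * 100_000
    print("depth of crafted input:", nesting_depth(crafted))
    try:
        safe_loads(crafted)
    except ValueError as exc:
        print("rejected before parsing:", exc)
    print(safe_loads('{"a": [1, {"b": "}}}]]"}]}'))
```

The pre-scan is deliberately separate from the parser: a depth counter inside a recursive parse function still spends a frame per level before it checks the counter, whereas the scan rejects the input with constant stack use. The same guard applies to any untrusted structured input handled recursively (XML, YAML, ASN.1), not only JSON.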
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom Options Plus plugin <= 1.8.1 versions...
CVE-2023-28420 WordPress Custom Options Plus Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom Options Plus plugin <= 1.8.1 versions...
CVE-2023-28420
CVE-2023-28420 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Custom Options Plus by Leo Caseiro, affecting versions <= 1.8.1. The issue is a CSRF flaw that could allow an attacker to perform unauthorized actions on behalf of an authenticated user. Public documentation lists this as...
WordPress Plugin custom-options-plus Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application extension for the platform. A cross-site request forgery vulnerability...
PT-2023-21707 · WordPress · Leo Caseiro Custom Options Plus
Name of the Vulnerable Software and Affected Versions: Leo Caseiro Custom Options Plus plugin, versions prior to 1.8.2. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
Jfscan - A Super Fast And Customisable Port Scanner, Based On Masscan And NMap
Killing features: Scan with nmap fast! Allows you to scan targets with Masscan and run Nmap on the discovered ports, with the possibility of custom options. Nmap on steroids. Allows scanning targets in multiple formats. Can output results in domain:port format. Works in stdin/stdout mode, so you can pipe...
PwnXSS - Vulnerability XSS Scanner Exploit
A powerful XSS scanner made in Python 3.7. Installing requirements: BeautifulSoup4 (pip install bs4), requests (pip install requests), Python 3.7. Commands: git clone https://github.com/pwn0sec/PwnXSS; chmod 755 -R PwnXSS; cd PwnXSS; python3 pwnxss.py --help. Usage. Basic usage: python3 pwnxss.py -u...
XSSCon - Simple XSS Scanner Tool
Powerful, simple XSS scanner made with Python 3.7. Installing requirements: BeautifulSoup4 (pip install bs4), requests (pip install requests), Python 3.7. Commands: git clone https://github.com/menkrep1337/XSSCon; cd XSSCon; python3 xsscon.py --help. Usage. Basic usage: python3 xsscon.py -u...