3672 matches found
PHPJabbers Food Delivery Script - SQL Injection
PHPJabbers Food Delivery Script 3.0 has a SQL injection SQLi vulnerability in the "q" parameter of index.php. id: CVE-2023-40748 info: name: PHPJabbers Food Delivery Script - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script 3.0 has a SQL injecti...
WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Remote Code Execution
Print Invoice & Delivery Notes for WooCommerce plugin for WordPress = 5.8.0 contains a remote code execution caused by missing capability check, PHP enabled in Dompdf, and missing escape in template.php, letting unauthenticated attackers execute code on the server. id: CVE-2025-13773 info: name:...
PHPJabbers Food Delivery Script v3.0 - SQL Injection
PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php. id: CVE-2023-40749 info: name: PHPJabbers Food Delivery Script v3.0 - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script v3.0 is vulnerable...
CVE-2026-50427
Use after free in Content Delivery Manager allows an authorized attacker to elevate privileges locally...
CVE-2026-50427 Content Delivery Manager Elevation of Privilege Vulnerability
...
CVE-2026-50427 Content Delivery Manager Elevation of Privilege Vulnerability
...
CVE-2026-50427
CVE-2026-50427 affects Content Delivery Manager. Description: use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. CVSS v3.1: 7.8 (Local, Low user interaction, Privilege Escalation, high impact on confidentiality, integrity, availability). Connected sourc...
Content Delivery Manager Elevation of Privilege Vulnerability
Use after free in Content Delivery Manager allows an authorized attacker to elevate privileges locally...
PT-2026-58406
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A use after free issue in the Content Delivery Manager allows an authorized local attacker to elevate privileges. Use after free is a memory corruption flaw that occurs when an application...
FTP Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...
FTP Fetch, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from an FTP server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf payloadreversehttps show...
FTP Fetch, Reverse TCP Stager with UUID Support (Windows x64)
Fetch and execute an x64 payload from an FTP server. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...
FTP Fetch, Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from an FTP server. Custom shellcode stage. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/ftp/x64/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...
Malicious code in express-router-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49091d8e8923e3e709cebd14f01ee1617267bf3f9b6be99052603715b7cf9f70 The sole shipped file index.js is a heavily obfuscated RC4 + base64 string-array, 337-entry rotated array, control-flow flattening IIFE that executes...
CVE-2026-9235 DHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX Actions
The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...
GHSA-9X82-RM84-C6X7 DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN
Overview Remote Code Execution RCE is possible via Velocity Templates used by DSpace for COAR Notify/LDN messages. This vulnerability impacts DSpace versions 8.0 = 8.3, 9.0 = 9.2. The attacker MUST already have DSpace administrator credentials in order to perform the attack. This attack is relate...
CVE-2026-58254
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...
Malicious code in chai-presentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d078bac337fe2c1b76c757c29d286fc750be585db65f30f5d696038c2ea0d3a On require, index.js issues an HTTPS GET to https://www.jsonkeeper.com/b/PC5CK and passes the response's cookie field to new Function'require',...,...
CVE-2026-56220
Capgo before version 12.128.2 contains an authorization bypass in the public.manifest INSERT policy that lets read-only org members insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3_path values, which are served to devices via th...
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript .scpt file impersonating Maccy, a...