Lucene search
K

3672 matches found

Nuclei
Nuclei
added yesterday34 views

PHPJabbers Food Delivery Script - SQL Injection

PHPJabbers Food Delivery Script 3.0 has a SQL injection SQLi vulnerability in the "q" parameter of index.php. id: CVE-2023-40748 info: name: PHPJabbers Food Delivery Script - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script 3.0 has a SQL injecti...

9.8CVSS7AI score0.02904EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday25 views

WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Remote Code Execution

Print Invoice & Delivery Notes for WooCommerce plugin for WordPress = 5.8.0 contains a remote code execution caused by missing capability check, PHP enabled in Dompdf, and missing escape in template.php, letting unauthenticated attackers execute code on the server. id: CVE-2025-13773 info: name:...

9.8CVSS6.6AI score0.032EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday100 views

PHPJabbers Food Delivery Script v3.0 - SQL Injection

PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php. id: CVE-2023-40749 info: name: PHPJabbers Food Delivery Script v3.0 - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script v3.0 is vulnerable...

9.8CVSS7AI score0.03306EPSS
Exploits0References2
NVD
NVD
added 2 days ago3 views

CVE-2026-50427

Use after free in Content Delivery Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago21 views

CVE-2026-50427 Content Delivery Manager Elevation of Privilege Vulnerability

...

7.8CVSS0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-50427 Content Delivery Manager Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score0.00188EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-50427

CVE-2026-50427 affects Content Delivery Manager. Description: use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. CVSS v3.1: 7.8 (Local, Low user interaction, Privilege Escalation, high impact on confidentiality, integrity, availability). Connected sourc...

7.8CVSS6AI score0.00188EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2 days ago4 views

Content Delivery Manager Elevation of Privilege Vulnerability

Use after free in Content Delivery Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00188EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2 days ago4 views

PT-2026-58406

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A use after free issue in the Content Delivery Manager allows an authorized local attacker to elevate privileges. Use after free is a memory corruption flaw that occurs when an application...

7.8CVSS6.5AI score0.00188EPSS
Exploits0References3
Metasploit
Metasploit
added 6 days ago21 views

FTP Fetch, Reverse TCP Stager

Fetch and execute an x86 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...

6.2AI score
Exploits0
Metasploit
Metasploit
added 6 days ago16 views

FTP Fetch, Windows x64 Reverse HTTP Stager (wininet)

Fetch and execute an x64 payload from an FTP server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf payloadreversehttps show...

6.2AI score
Exploits0
Metasploit
Metasploit
added 6 days ago19 views

FTP Fetch, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an FTP server. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 6 days ago14 views

FTP Fetch, Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet)

Fetch and execute an x64 payload from an FTP server. Custom shellcode stage. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/ftp/x64/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...

6.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added last week9 views

Malicious code in express-router-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49091d8e8923e3e709cebd14f01ee1617267bf3f9b6be99052603715b7cf9f70 The sole shipped file index.js is a heavily obfuscated RC4 + base64 string-array, 337-entry rotated array, control-flow flattening IIFE that executes...

6.1AI score
Exploits0References4
Cvelist
Cvelist
added last week31 views

CVE-2026-9235 DHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX Actions

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS0.00196EPSS
Exploits0References5
OSV
OSV
added 2026/07/08 8:25 p.m.1 views

GHSA-9X82-RM84-C6X7 DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN

Overview Remote Code Execution RCE is possible via Velocity Templates used by DSpace for COAR Notify/LDN messages. This vulnerability impacts DSpace versions 8.0 = 8.3, 9.0 = 9.2. The attacker MUST already have DSpace administrator credentials in order to perform the attack. This attack is relate...

8CVSS6.2AI score
Exploits0References4
NVD
NVD
added 2026/07/08 8:16 p.m.6 views

CVE-2026-58254

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

6.5CVSS0.00308EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/08 4:35 p.m.10 views

Malicious code in chai-presentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d078bac337fe2c1b76c757c29d286fc750be585db65f30f5d696038c2ea0d3a On require, index.js issues an HTTPS GET to https://www.jsonkeeper.com/b/PC5CK and passes the response's cookie field to new Function'require',...,...

6.1AI score
Exploits0References4
CVE
CVE
added 2026/07/08 1:48 p.m.8 views

CVE-2026-56220

Capgo before version 12.128.2 contains an authorization bypass in the public.manifest INSERT policy that lets read-only org members insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3_path values, which are served to devices via th...

7.1CVSS6AI score0.00203EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/07/03 8:3 a.m.17 views

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript .scpt file impersonating Maccy, a...

6AI score
Exploits0
Rows per page
Query Builder