3658 matches found
WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Remote Code Execution
Print Invoice & Delivery Notes for WooCommerce plugin for WordPress = 5.8.0 contains a remote code execution caused by missing capability check, PHP enabled in Dompdf, and missing escape in template.php, letting unauthenticated attackers execute code on the server. id: CVE-2025-13773 info: name:...
PHPJabbers Food Delivery Script v3.0 - SQL Injection
PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php. id: CVE-2023-40749 info: name: PHPJabbers Food Delivery Script v3.0 - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script v3.0 is vulnerable...
PHPJabbers Food Delivery Script - SQL Injection
PHPJabbers Food Delivery Script 3.0 has a SQL injection SQLi vulnerability in the "q" parameter of index.php. id: CVE-2023-40748 info: name: PHPJabbers Food Delivery Script - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script 3.0 has a SQL injecti...
FTP Fetch, Reverse TCP Stager
Fetch and execute an x86 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...
FTP Fetch, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from an FTP server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf payloadreversehttps show...
FTP Fetch, Reverse TCP Stager with UUID Support (Windows x64)
Fetch and execute an x64 payload from an FTP server. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...
FTP Fetch, Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet)
Fetch and execute an x64 payload from an FTP server. Custom shellcode stage. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/ftp/x64/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...
Malicious code in express-router-engine (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49091d8e8923e3e709cebd14f01ee1617267bf3f9b6be99052603715b7cf9f70 The sole shipped file index.js is a heavily obfuscated RC4 + base64 string-array, 337-entry rotated array, control-flow flattening IIFE that executes...
CVE-2026-9235 DHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX Actions
The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...
CVE-2026-58254
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...
Malicious code in chai-presentation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d078bac337fe2c1b76c757c29d286fc750be585db65f30f5d696038c2ea0d3a On require, index.js issues an HTTPS GET to https://www.jsonkeeper.com/b/PC5CK and passes the response's cookie field to new Function'require',...,...
CVE-2026-56220
Capgo before version 12.128.2 contains an authorization bypass in the public.manifest INSERT policy that lets read-only org members insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3_path values, which are served to devices via th...
PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript .scpt file impersonating Maccy, a...
CVE-2024-7598 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, eks-distro, azurefile-csi-fips, argo-cd-fips, harvester, harvester-fips, longhorn-share-manager-fips, longhorn-manager, longhorn-manager-fips, rancher-system-agent, longhorn-share-manager, rke2-runtime-fips, cluster-autoscaler-fips,...
CVE-2026-6682
CVE-2026-6682 affects FatFs in R0.16 and earlier, where in mount_volume() a multiply operation fasize *= fs->n_fats can overflow, causing an integer wrap. This overflow can lead to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. Impact described as CWE-190...
PT-2026-54924
Name of the Vulnerable Software and Affected Versions FatFS versions R0.16 and earlier Description An integer overflow occurs in the mount volume function during FAT32 processing when the operation fasize = fs-n fats wraps. This allows an attacker to control file-size metadata, resulting in unsaf...
The vulnerability of the authentication mechanism of the SAML-based NetScaler ADC controller (formerly Citrix ADC) and the NetScaler Gateway virtual environment access control system (formerly Citrix Gateway) allows a attacker to cause service interruptions.
The vulnerability of the SAML authentication mechanism for NetScaler ADC formerly Citrix ADC and the NetScaler Gateway virtual environment access control system formerly Citrix Gateway is related to reading data beyond the allowed range in memory. Exploiting this vulnerability could allow a...
EUVD-2026-40317
Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...
CVE-2026-57341
Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...
EUVD-2026-40112
Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...