Lucene search
K

3658 matches found

Nuclei
Nuclei
added 13 hours ago20 views

WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Remote Code Execution

Print Invoice & Delivery Notes for WooCommerce plugin for WordPress = 5.8.0 contains a remote code execution caused by missing capability check, PHP enabled in Dompdf, and missing escape in template.php, letting unauthenticated attackers execute code on the server. id: CVE-2025-13773 info: name:...

9.8CVSS6.6AI score0.032EPSS
Exploits0References3
Nuclei
Nuclei
added 13 hours ago100 views

PHPJabbers Food Delivery Script v3.0 - SQL Injection

PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php. id: CVE-2023-40749 info: name: PHPJabbers Food Delivery Script v3.0 - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script v3.0 is vulnerable...

9.8CVSS7AI score0.03306EPSS
Exploits0References2
Nuclei
Nuclei
added 13 hours ago34 views

PHPJabbers Food Delivery Script - SQL Injection

PHPJabbers Food Delivery Script 3.0 has a SQL injection SQLi vulnerability in the "q" parameter of index.php. id: CVE-2023-40748 info: name: PHPJabbers Food Delivery Script - SQL Injection author: ritikchaddha severity: critical description: | PHPJabbers Food Delivery Script 3.0 has a SQL injecti...

9.8CVSS7AI score0.02904EPSS
Exploits0References2
Metasploit
Metasploit
added 2 days ago16 views

FTP Fetch, Reverse TCP Stager

Fetch and execute an x86 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set options...

6.2AI score
Exploits0
Metasploit
Metasploit
added 2 days ago13 views

FTP Fetch, Windows x64 Reverse HTTP Stager (wininet)

Fetch and execute an x64 payload from an FTP server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf payloadreversehttps show...

6.2AI score
Exploits0
Metasploit
Metasploit
added 2 days ago14 views

FTP Fetch, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an FTP server. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 2 days ago12 views

FTP Fetch, Windows shellcode stage, Windows x64 Reverse HTTP Stager (wininet)

Fetch and execute an x64 payload from an FTP server. Custom shellcode stage. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/ftp/x64/custom/reversehttps msf payloadreversehttps show actions ...actions... msf payloadreversehttps set ACTION msf...

6.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago7 views

Malicious code in express-router-engine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49091d8e8923e3e709cebd14f01ee1617267bf3f9b6be99052603715b7cf9f70 The sole shipped file index.js is a heavily obfuscated RC4 + base64 string-array, 337-entry rotated array, control-flow flattening IIFE that executes...

6.1AI score
Exploits0References4
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-9235 DHL eCommerce (Benelux) for WooCommerce <= 2.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shipping Label Creation and Deletion via dhlpwc_label_create and dhlpwc_label_delete AJAX Actions

The DHL eCommerce Benelux for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check and missing nonce verification on the createlabel and deletelabel functions in versions up to, and including, 2.2.3. These functions are wir...

4.3CVSS0.00196EPSS
Exploits0References5
NVD
NVD
added 4 days ago6 views

CVE-2026-58254

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

5.3CVSS0.00428EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in chai-presentation (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d078bac337fe2c1b76c757c29d286fc750be585db65f30f5d696038c2ea0d3a On require, index.js issues an HTTPS GET to https://www.jsonkeeper.com/b/PC5CK and passes the response's cookie field to new Function'require',...,...

6.1AI score
Exploits0References4
CVE
CVE
added 4 days ago7 views

CVE-2026-56220

Capgo before version 12.128.2 contains an authorization bypass in the public.manifest INSERT policy that lets read-only org members insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3_path values, which are served to devices via th...

7.1CVSS6AI score0.00203EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/07/03 8:3 a.m.17 views

PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript .scpt file impersonating Maccy, a...

6AI score
Exploits0
Chainguard
Chainguard
added 2026/07/02 2:16 p.m.10 views

CVE-2024-7598 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, eks-distro, azurefile-csi-fips, argo-cd-fips, harvester, harvester-fips, longhorn-share-manager-fips, longhorn-manager, longhorn-manager-fips, rancher-system-agent, longhorn-share-manager, rke2-runtime-fips, cluster-autoscaler-fips,...

3.1CVSS6.2AI score0.00301EPSS
Exploits0
CVE
CVE
added 2026/07/01 1:36 p.m.73 views

CVE-2026-6682

CVE-2026-6682 affects FatFs in R0.16 and earlier, where in mount_volume() a multiply operation fasize *= fs-&gt;n_fats can overflow, causing an integer wrap. This overflow can lead to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. Impact described as CWE-190...

7.6CVSS5.9AI score0.0021EPSS
Exploits2References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54924

Name of the Vulnerable Software and Affected Versions FatFS versions R0.16 and earlier Description An integer overflow occurs in the mount volume function during FAT32 processing when the operation fasize = fs-n fats wraps. This allows an attacker to control file-size metadata, resulting in unsaf...

7.6CVSS7.1AI score0.0021EPSS
Exploits2References16
BDU FSTEC
BDU FSTEC
added 2026/07/01 12:0 a.m.7 views

The vulnerability of the authentication mechanism of the SAML-based NetScaler ADC controller (formerly Citrix ADC) and the NetScaler Gateway virtual environment access control system (formerly Citrix Gateway) allows a attacker to cause service interruptions.

The vulnerability of the SAML authentication mechanism for NetScaler ADC formerly Citrix ADC and the NetScaler Gateway virtual environment access control system formerly Citrix Gateway is related to reading data beyond the allowed range in memory. Exploiting this vulnerability could allow a...

9.7CVSS6.1AI score0.00502EPSS
Exploits1References3Affected Software3
EUVD
EUVD
added 2026/06/30 12:58 p.m.6 views

EUVD-2026-40317

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...

6.9CVSS5.8AI score0.0041EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 3:16 p.m.9 views

CVE-2026-57341

Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...

6.5CVSS0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 1:36 p.m.7 views

EUVD-2026-40112

Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...

6.5CVSS5.8AI score0.00258EPSS
Exploits0References1
Rows per page
Query Builder