12607 matches found
Security Bulletin: IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability (CVE-2026-11714)
Summary IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled. Vulnerability Details CVEID:CVE-2026-11714 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-sid...
EUVD-2026-43537
OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...
Apache ActiveMQ - Remote Code Execution via HTTP Discovery Transport Bypass
Apache ActiveMQ before 5.19.6 and 6.0.0 through 6.2.4 is vulnerable to remote code execution via a bypass of the CVE-2026-34197 security fix. The original fix blocked the "vm://" transport scheme in BrokerView.addNetworkConnector and BrokerView.addConnector to prevent authenticated attackers from...
Malicious code in chat-adapter-zoom (npm)
The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...
Malicious code in salesforce-vscode-slds (npm)
The salesforce-vscode-slds package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a...
CVE-2026-15155
creationtimestamp| type| source ---|---|--- 2026-07-11 07:32:48+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5imu2qi2e 2026-07-11 07:59:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqe6xqk3ap2g 2026-07-11 08:00:32+00:00| seen|...
Apache ActiveMQ - Remote Code Execution
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...
FTP Fetch, Linux Command Shell, Bind TCP Random Port Inline
Fetch and execute an x64 payload from an FTP server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/ftp/x64/shellbindtcprandomport msf payloadshellbindtcprandomport show action...
CVE-2026-56688
creationtimestamp| type| source ---|---|--- 2026-07-10 12:34:10+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116895701434331747 2026-07-10 12:58:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqc77o3vm427 2026-07-10 13:12:04+00:00| seen|...
CVE-2026-40009
creationtimestamp| type| source ---|---|--- 2026-07-10 11:18:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbznn7c7g26 2026-07-10 12:15:29+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-40009 2026-07-10 13:25:26+00:00| seen|...
WordPress All-in-One Video Gallery plugin <= 4.8.5 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by KoreaInfoSec - Korea University in WordPress Plugin All-in-One Video Gallery versions = 4.8.5...
CVE-2026-15282
creationtimestamp| type| source ---|---|--- 2026-07-10 05:16:07+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqbffamohv2z 2026-07-11 00:00:32+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqde7qogx42j 2026-07-13 01:01:18+00:00| seen|...
WordPress Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin <= 1.24.1 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Mail Mint versions = 1.24.1...
WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by VanTastic in WordPress Plugin AIWU versions = 1.5.4...
WordPress Aimogen Pro plugin <= 2.8.3 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Aimogen Pro versions = 2.8.3...
WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin ProfileGrid versions = 5.9.9.6...
CVE-2026-58468
NocoBase up to version 2.1.20 is affected by a server-side request forgery via the serverRequest wrapper. Authenticated administrators can craft arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Exploitation ta...
GO-2026-5853 Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage in github.com/sigstore/fulcio
Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage in github.com/sigstore/fulcio...
PT-2026-56298
Name of the Vulnerable Software and Affected Versions @better-auth/sso versions 0.1.0 through 1.6.10 @better-auth/sso versions 1.7.0-beta.x Description An SSRF flaw exists in the provider registration flow where OpenID Connect OIDC endpoint URLs are accepted without proper validation. When...
WordPress ChatBot plugin <= 8.3.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin ChatBot versions = 8.3.7...