12682 matches found
Malicious code in salesforce-vscode-slds (npm)
The salesforce-vscode-slds package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a...
Malicious code in chat-adapter-zoom (npm)
The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...
CVE-2026-15155
creationtimestamp| type| source ---|---|--- 2026-07-11 07:32:48+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5imu2qi2e 2026-07-11 07:59:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqe6xqk3ap2g 2026-07-11 08:00:32+00:00| seen|...
Apache ActiveMQ - Remote Code Execution
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...
FTP Fetch, Linux Command Shell, Bind TCP Random Port Inline
Fetch and execute an x64 payload from an FTP server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2026-56688
creationtimestamp| type| source ---|---|--- 2026-07-10 12:34:10+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116895701434331747 2026-07-10 12:58:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqc77o3vm427 2026-07-10 13:12:04+00:00| seen|...
CVE-2026-40009
creationtimestamp| type| source ---|---|--- 2026-07-10 11:18:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbznn7c7g26 2026-07-10 12:15:29+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-40009 2026-07-10 13:25:26+00:00| seen|...
WordPress All-in-One Video Gallery plugin <= 4.8.5 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by KoreaInfoSec - Korea University in WordPress Plugin All-in-One Video Gallery versions = 4.8.5...
CVE-2026-15282
creationtimestamp| type| source ---|---|--- 2026-07-10 05:16:07+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqbffamohv2z 2026-07-11 00:00:32+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqde7qogx42j 2026-07-13 01:01:18+00:00| seen|...
WordPress Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin <= 1.24.1 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Mail Mint versions = 1.24.1...
WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by VanTastic in WordPress Plugin AIWU versions = 1.5.4...
WordPress Aimogen Pro plugin <= 2.8.3 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Aimogen Pro versions = 2.8.3...
WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin ProfileGrid versions = 5.9.9.6...
Server-side Request Forgery (SSRF)
Overview @better-auth/sso is a SSO plugin for Better Auth Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /sso/register and POST /sso/update-provider endpoints when attacker-controlled OIDC endpoint URLs are accepted without proper validation if...
@better-auth/sso provider registration has server-side request forgery via unvalidated OIDC endpoints
Am I affected? Users are affected if all of the following are true: - Their application uses @better-auth/sso at a version = 0.1.0, 1.6.11 on the stable line, or any 1.7.0-beta.x on the pre-release line. - The sso plugin is added to their application's betterAuth plugins: ... array. - Any user wi...
CVE-2026-58468 NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper
NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...
CVE-2026-58468
NocoBase up to version 2.1.20 is affected by a server-side request forgery via the serverRequest wrapper. Authenticated administrators can craft arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Exploitation ta...
CVE-2026-58468 NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper
NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the OIDC discovery process. An attacker can cause the service to follow malicious redirects, leading to server-side request forgery and potential exposure of Kubernetes service-account tokens by...
GO-2026-5853 Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage in github.com/sigstore/fulcio
Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage in github.com/sigstore/fulcio...