1361 matches found
Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE
The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell. id: CVE-2023-4521 info: name: Import XML and RSS Feeds 2.1.5 - Unauthenticated RCE author: princechaddha severity: critical description: The Import XML and RS...
CVE-2026-48582
creationtimestamp| type| source
---|---|---
2026-06-19 22:13:36+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116779071246302173
2026-06-19 22:36:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moofqsioi72o
2026-06-22 00:46:30+00:00| seen|...
CVE-2026-50005
Brickcom cameras ship with default credentials that allow any unauthenticated remote attacker to silently access camera feeds...
CVE-2026-50005 Brickcom Cameras Use of Default Credentials
Brickcom cameras ship with default credentials that allow any unauthenticated remote attacker to silently access camera feeds...
CVE-2026-50005
CVE-2026-50005 affects Brickcom cameras that ship with default credentials, enabling any unauthenticated remote attacker to silently access camera feeds. The documented CVSS metrics indicate a HIGH impact with confidentiality and integrity concerns, Local attack vector, and no user interaction re...
CVE-2026-53781 Summarize < 0.17.0 Disk Exhaustion via Uncapped Media Download
Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...
WordPress Feeds for YouTube plugin < 2.6.4 - Subscriber+ License Data Deletion vulnerability
Subscriber+ License Data Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Feeds for YouTube versions 2.6.4...
Brickcom Cameras
ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to gain unauthorized access to live video feeds, retrieve sensitive visual information from affected premises, and obtain administrative control of the device. 2. RECOMMENDED PRACTICES...
PT-2026-48734
Name of the Vulnerable Software and Affected Versions: Brickcom cameras (affected versions not specified). Description: These cameras ship with default credentials, which allows an unauthenticated remote attacker to silently access camera feeds. Recommendations: Verify and change the default credential...
PT-2026-48732
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresses, link-local addresses, RFC 1918 private ranges, or other reserved destinations by supplying...
CVE-2026-53736
Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...
CVE-2026-53736 Easy Twitter Feeds before 1.2.13 Cross-Site Request Forgery via duplicate_post Action
Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type...
CVE-2026-53736
CVE-2026-53736 affects the Easy Twitter Feeds WordPress plugin prior to 1.2.13. The issue is a cross-site request forgery in the duplicate_post action handler that lacks nonce verification. An attacker could entice an authenticated user to visit a crafted link that duplicates posts regardless of ...
CVE-2026-1631
The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...
CVE-2026-5386
The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings...
CVE-2026-6177
The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This is due to insufficient output escaping in the CTFDisplayElements::getposttext function when rendering cached tweet text. The plugin's ctfgetmoreposts AJAX action ...
Demand-Driven Vulnerability Detection for Cloud Security Posture Management: Removing Human Rule Authoring from the Disclosure-To-Protection Critical Path
Cloud Security Posture Management (CSPM) systems detect known vulnerabilities by maintaining a rule set, distributing it to customers, and evaluating it against periodically-collected asset inventories. To our knowledge, in publicly documented architectures the rule set is environment-agnostic and...
CVE-2026-10122
creationtimestamp| type| source
---|---|---
2026-05-30 17:00:39+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mn3jncmypj26
2026-05-30 17:38:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn3lrmkqcc27...
[SECURITY] Fedora 43 Update: haveged-1.9.22-1.fc43
A Linux entropy source using the HAVEGE algorithm Haveged is a user space entropy daemon which is not dependent upon the standard mechanisms for harvesting randomness for the system entropy pool. This is important in systems with high entropy needs or limited user interaction e.g. headless server...