4852 matches found
EspoCRM <= 9.3.3 - Server-Side Request Forgery
EspoCRM = 9.3.3 contains an authenticated server-side request forgery caused by improper internal-host validation using alternative IPv4 formats in HostCheck::isNotInternalHost, letting authenticated users access internal resources via /api/v1/Attachment/fromImageUrl endpoint. id: CVE-2026-33534...
CVE-2023-43364
creationtimestamp| type| source ---|---|--- 2026-07-13 22:00:16+00:00| seen| https://t.me/GithubRedTeam/91214 2026-07-14 00:00:33+00:00| seen| https://t.me/GithubRedTeam/91214...
CVE-2026-12385
The Smart Slider 3 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1.37 via the 'keyword' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles and full content...
CVE-2026-15535
The CVE concerns AkariAsai self-rag’s retrieval_lm component. Affected code: file retrieval_lm/src/index.py, function Indexer.deserialize_from, where manipulating the argument index_meta.faiss can trigger deserialization. This may be exploitable remotely; public exploit details exist. No specific...
CVE-2019-0824
creationtimestamp| type| source ---|---|--- 2026-07-12 22:00:13+00:00| seen| https://t.me/securixykz/495 2026-07-13 00:00:37+00:00| seen| https://t.me/securixykz/495 2026-07-14 00:00:55+00:00| seen| https://t.me/securixykz/495...
FTP Fetch, Windows Disable Windows ICF, Command Shell, Bind TCP Inline
Fetch and execute an x86 payload from an FTP server. Disable the Windows ICF, then listen for a connection and spawn a command shell Module Options msf use payload/cmd/windows/ftp/x86/shellbindtcpxpfw msf payloadshellbindtcpxpfw show actions ...actions... msf payloadshellbindtcpxpfw set ACTION ms...
FTP Fetch, Bind TCP Stager (No NX or Win7)
Fetch and execute an x86 payload from an FTP server. Listen for a connection No NX Module Options msf use payload/cmd/windows/ftp/x86/patchupdllinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and se...
FTP Fetch, Windows x86 Pingback, Bind TCP Inline
Fetch and execute an x86 payload from an FTP server. Open a socket and report UUID when a connection is received Windows x86 Module Options msf use payload/cmd/windows/ftp/x86/pingbackbindtcp msf payloadpingbackbindtcp show actions ...actions... msf payloadpingbackbindtcp set ACTION msf...
FTP Fetch, Windows Upload/Execute, Reverse TCP Stager
Fetch and execute an x86 payload from an FTP server. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/upexec/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp...
FTP Fetch, Reverse TCP Stager (IPv6)
Fetch and execute a x86 payload from an FTP server. Connect back to attacker over IPv6 Module Options msf use payload/cmd/linux/ftp/x86/meterpreter/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf payloadreverseipv6tcp show options ...sh...
[SECURITY] Fedora 44 Update: c-ares-1.34.7-1.fc44
c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...
CVE-2026-58304
creationtimestamp| type| source ---|---|--- 2026-07-09 11:59:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq7lgyakfq26...
CVE-2026-8650
Relative path traversal vulnerability in Progress MOVEit Transfer Admin Settings module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...
EUVD-2026-42370
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer Custom Reports modules. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...
CVE-2026-11903
creationtimestamp| type| source ---|---|--- 2026-07-08 17:37:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq5nvsx5n62g 2026-07-08 20:15:14+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/progress-security-advisory-av26-678 2026-07-09 11:30:31+00:00| seen|...
CVE-2026-49145
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...
CVE-2026-49145
CVE-2026-49145 affects App::Ack for Perl up to version 3.10.0. The flaw arises because ack searches upward for a project .ackrc and loads its options; the project-source blocklist did not include --files-from, allowing a project .ackrc to set --files-from to a path whose listed files ack will rea...
EUVD-2026-42288
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...
CVE-2026-49145 App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...
CVE-2026-49145
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...