279886 matches found
UBUNTU-CVE-2026-11386
An input validation and injection vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client constructs APT source files such as /etc/apt/sources.list.d/ubuntu-.list or their DEB822 equivalents using data received directly from the contract server response via...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Unsafe Deserialization - RCE React 19.0.0...
Exploit for CVE-2026-58457
CVE-2026-58457 - Unauthenticated OS Command Injection in Shenz...
aurora-earn-poc
Aurora Earn PoC A TypeScript HTTP service that reads Kraken E...
CVE-2026-44174 Kirby: Arbitrary Method Call via REST API search and collection query endpoints
Kirby is an open-source content management system. Prior to 4.9.1 and 5.4.1, Kirby did not validate the model attributes that were used in its collection queries, allowing attackers to include arbitrary model methods in their queries. This includes methods with sensitive data such as password...
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 6, 2026 to July 12, 2026)
Last week, there were 267 vulnerabilities disclosed in 222 WordPress Plugins and 6 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 136 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...
ArcadeDB has cross-database IDOR: /ts/*, /batch/*, Prometheus and Grafana handlers bypass authorization
About 14 HTTP handlers resolve the database path param and call getDatabase... WITHOUT user.canAccessToDatabase... and without setting the engine principal, because they extend AbstractServerHttpHandler directly instead of DatabaseAbstractHandler which holds the only per-database gate at...
GHSA-X8MG-6R4P-87PF ArcadeDB has cross-database IDOR: /ts/*, /batch/*, Prometheus and Grafana handlers bypass authorization
About 14 HTTP handlers resolve the database path param and call getDatabase... WITHOUT user.canAccessToDatabase... and without setting the engine principal, because they extend AbstractServerHttpHandler directly instead of DatabaseAbstractHandler which holds the only per-database gate at...
CVE-2026-55629
Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging proxy. Prior to 2.10.3, lib/service/service.js handles GET /cgi-bin/temp/get by reading req.query.filename, joining it to TEMPFILESPATH only when it matches the temporary file pattern, and otherwise passing the user-supplied filename...
ArcadeDB: Privilege escalation via reader role in /api/v1/command JS scripting language — arbitrary host file read
Impact A user holding only reader read-only privileges on a single database could execute arbitrary JVM code by sending a "language": "js" command to the POST /api/v1/command/database HTTP endpoint, and use it to read arbitrary files on the host filesystem e.g. /etc/passwd, configuration files,...
GHSA-48QW-824M-86PR ArcadeDB: Privilege escalation via reader role in /api/v1/command JS scripting language — arbitrary host file read
Impact A user holding only reader read-only privileges on a single database could execute arbitrary JVM code by sending a "language": "js" command to the POST /api/v1/command/database HTTP endpoint, and use it to read arbitrary files on the host filesystem e.g. /etc/passwd, configuration files,...
GHSA-VG6X-6PG9-6QWG ArcadeDB: Read-only users can mutate database schema (incomplete fix of CVE-2026-44221)
Impact The fix for CVE-2026-44221 GHSA-fxc7-fm93-6q77 added an UPDATESCHEMA authorization check to a single schema-mutating method LocalDocumentType.createProperty. The remaining public schema mutators were left unchecked, so an authenticated identity including a read-only API token that lacks th...
ArcadeDB: Read-only users can mutate database schema (incomplete fix of CVE-2026-44221)
Impact The fix for CVE-2026-44221 GHSA-fxc7-fm93-6q77 added an UPDATESCHEMA authorization check to a single schema-mutating method LocalDocumentType.createProperty. The remaining public schema mutators were left unchecked, so an authenticated identity including a read-only API token that lacks th...
Exploit for CVE-2024-25600
BricksRCE Exploiter CVE-2024-25600 — WordPress Bricks Bui...
nimiq-primitives: Panic in TrieProof::verify via child_index unwrap on equal-length keys
Impact A malicious peer acting as a state-sync source can crash a syncing node by sending a crafted TrieChunk whose proof contains two TrieProofNodes with identical keys. TrieProof::verify calls TrieProofNode::childindex primitives/src/trie/trieproofnode.rs:94, which unconditionally unwraps...
GHSA-46WQ-28CX-MHW4 nimiq-primitives: Panic in TrieProof::verify via child_index unwrap on equal-length keys
Impact A malicious peer acting as a state-sync source can crash a syncing node by sending a crafted TrieChunk whose proof contains two TrieProofNodes with identical keys. TrieProof::verify calls TrieProofNode::childindex primitives/src/trie/trieproofnode.rs:94, which unconditionally unwraps...
MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks
Summary In affected versions, the default request handlers installed by the experimental tasks feature server.experimental.enabletasks did not check which session created a task before acting on it. On a server with more than one connected client, any client could observe, read results from, and...
GHSA-HVRP-RF83-W775 MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks
Summary In affected versions, the default request handlers installed by the experimental tasks feature server.experimental.enabletasks did not check which session created a task before acting on it. On a server with more than one connected client, any client could observe, read results from, and...
Nuclio: Unsanitized runtimeAttributes.repositories injected into Groovy build.gradle leads to build-time RCE
Summary Nuclio's Java runtime generates a build.gradle file during function builds using Go's text/template package. The template renders runtimeAttributes.repositories values with the . action, which performs no escaping. An attacker can embed a closing brace to break out of the repositories blo...
GHSA-3V79-M2CG-89WW Nuclio: Unsanitized runtimeAttributes.repositories injected into Groovy build.gradle leads to build-time RCE
Summary Nuclio's Java runtime generates a build.gradle file during function builds using Go's text/template package. The template renders runtimeAttributes.repositories values with the . action, which performs no escaping. An attacker can embed a closing brace to break out of the repositories blo...