128092 matches found
metasploit-cheatsheet
Metasploit Cheatsheet A practical reference for using Metaspl...
Exploit for CVE-2026-22356
CVE-2026-22356 CVE-2026-22356: Jetpack CRM Path Traversal Vuln...
Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware
Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions...
How to Turn Images into Animated Videos with AI: A Wondershare Filmora Guide
This article was created in collaboration with Wondershare...
offensive-claude-533
Offensive Security Research Config for Claude Code !TIP...
Kernel-Exploit-Dojo-255
Kernel-Exploit-Dojo-255 CTF kernel exploitation notes, PoCs,...
Kernel-Exploit-Dojo-283
Kernel-Exploit-Dojo-283 CTF kernel exploitation notes, PoCs,...
PT-2026-49121
This crate provides Rust bindings to SPHINCS+/SLH-DSA FIPS 205 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result,...
PT-2026-46945
Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Description An issue exists in the Envoy gateway related to HTTP/2, which can be exploited to cause a denial of service, potentially bringing down an Evonode. There have been reports of elevated activities...
RaccoonLine Publishes 2026 dVPN Buyer’s Guide for Privacy-Focused Users
Roma, Італія, 1st June 2026, CyberNewswire...
@agenticmail/mcp Missing Authentication for Critical Function
AgenticMail MCP HTTP authorization bypass Summary @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can initialize a session and call tools directly. T...
PT-2026-45175
🔒 CyberSecurity CVE-2024-36791: Flowise RCE Exploitation — Detection and Hardening Guide "Flowise servers face critical RCE via malicious chatflow imports. Immediate patching required to…" 🔗 https://t.co/VV0BIHRBy9 CyberSecurity ThreatIntel cve zeroday patchtuesday...
SUSE CVE-2026-9986
Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: High...
CVE-2026-4290
The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...
EUVD-2026-33327
The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...
CVE-2026-4290
The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...
CVE-2026-4290
The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the REST endpoint /wp-json/wp-travel/v1/travel-guide/{user_id} in all versions up to 10.6.0. The root cause is a check_permission() callback that unconditionally returns true and a Database::delete() call that pas...
CVE-2026-4290 WP Travel Pro <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators
The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...
CVE-2026-9986
An insufficient validation of untrusted input flaw was found in the OptimizationGuide component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513028160...
PT-2026-44859
Name of the Vulnerable Software and Affected Versions WP Travel Pro versions prior to 10.6.1 Description The plugin allows unauthenticated attackers to delete arbitrary user accounts, including administrators. This occurs via the '/wp-json/wp-travel/v1/travel-guide/user id' REST API endpoint...