19056 matches found
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution...
CVE-2026-11322
creationtimestamp | type | source
---|---|---
2026-06-04 23:07:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mniqhz3vnc26...
CVE-2026-42540
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...
EUVD-2026-34329
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...
CVE-2026-42539
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...
EUVD-2026-34327
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...
Malicious code in @jagreehal/workflow (npm)
---
-= Per source details. Do not edit below this line.=-
Source: ghsa-malware 84103acc1e6580ad54c7a89f1ce423e9ac0a0ca4b943879c6f80e9e46fb23fce
Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-50208
creationtimestamp | type | source
---|---|---
2026-06-04 10:46:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mnhh2l5poa2b...
CVE-2026-7764
creationtimestamp | type | source
---|---|---
2026-06-04 06:37:40+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mngz5xiqip26...
Ruby on Rails - Open Redirect via Host Header Injection
Ruby on Rails Action Pack before 6.1.2.1 and 6.0.3.5 contains an open redirect caused by specially crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites. Exploitation requires the attacker to control Host headers.
id: CVE-2021-22881 info: name: Ru...
CVE-2026-41860
creationtimestamp | type | source
---|---|---
2026-06-04 03:20:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mngo5dkpkj2f
2026-06-04 04:00:33+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mngqeycd7q2k
2026-06-04 09:07:08+00:00 | seen |...
PT-2026-46388
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...
PT-2026-46389
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...
PT-2026-46390
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...
PT-2026-46385
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...
PT-2026-46384
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness that an attacker can misuse to redirect the user to a malicious website controlled by the attacker. Version 2.4.28 fixes the issue...
Exploit for Improper Access Control in Proftpd
OpenVAS-Vulnerability-Analysis-Incident-Response-Report Real-W...
CVE-2026-8885
creationtimestamp | type | source
---|---|---
2026-06-03 05:15:50+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mnee4piqoh2c...
CVE-2026-9722
creationtimestamp | type | source
---|---|---
2026-06-03 02:59:51+00:00 | seen | https://bsky.app/profile/donwebmedia.bsky.social/post/3mne4jjtzad2t
2026-06-03 08:15:25+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mneo5tab5z27...
CVE-2026-35482
creationtimestamp | type | source
---|---|---
2026-06-03 00:01:11+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mndsk2lvzu22
2026-06-03 02:43:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mne3lqz6f62q
2026-06-03 04:30:30+00:00 | seen |...