320983 matches found
Exploit for CVE-2026-63030
CVE-2026-63030: WordPress Pre-Auth RCE Explained 📖 Read t...
Exploit for CVE-2026-60137
wp2shell Pre-authentication Remote Code Execution against Wor...
EUVD-2025-210483
SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 fails to properly escape table and field names in the command-line export command. An authenticated System User with OWNER or EDITOR roles can create tables or fields with malicious names containing SurrealQL. When a...
EUVD-2024-55679
SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...
CVE-2025-71392
SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 fails to properly escape table and field names in the command-line export command. An authenticated System User with OWNER or EDITOR roles can create tables or fields with malicious names containing SurrealQL. When a...
CVE-2024-58363
SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...
Exploit for CVE-2026-60137
CVE-2026-63030 + CVE-2026-60137 - “wp2shell”: unauthenticated...
Exploit for CVE-2026-63030
wp2shell CVE-2026-63030 / CVE-2026-60137 PoC for an unaut...
CVE-2025-71392 SurrealDB before 2.2.2 SurrealQL Injection via export
SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 fails to properly escape table and field names in the command-line export command. An authenticated System User with OWNER or EDITOR roles can create tables or fields with malicious names containing SurrealQL. When a...
CVE-2025-71392
SurrealDB prior to 2.0.5, 2.1.x prior to 2.1.5, and 2.2.x prior to 2.2.2 fails to escape table and field names in the command-line export command. An authenticated System User with OWNER or EDITOR roles can create tables or fields with malicious names containing SurrealQL. When a higher-privilege...
CVE-2025-71392
SurrealDB before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.2 fails to properly escape table and field names in the command-line export command. An authenticated System User with OWNER or EDITOR roles can create tables or fields with malicious names containing SurrealQL. When a...
CVE-2024-58363
SurrealDB prior to 1.5.4 contains an authentication validation flaw when a scope user switches databases with USE or the use method. If an authenticated session encounters a user identifier that exists in a different database, an attacker can impersonate an unrelated user in that database, enabli...
CVE-2024-58363
SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...
CVE-2024-58363 SurrealDB before 1.5.4 Authentication Bypass via Database Switch
SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...
Exploit for CVE-2026-63030
CVE-2026-63030: wp2shell WordPress Batch API Desynchronizat...
wp2shell-go
wp2shell-go A Go port of the wp2shell PoC. It targets the una...
Exploit for Missing Authentication for Critical Function in Splunk
Splunk Enterprise — CVE-2026-20253 Training Lab Splunk En...
wp2shell-PoC
wp2shell — CVE-2026-63030 + CVE-2026-60137 WordPress Pre-Auth...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.4.0 Vulnerability Details CVEID:CVE-2026-35469 DESCRIPTION: spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 fram...
deep-pentest-skill
Deep Pentest Skill !License: MIThttps://img.shields.io/bad...