Lucene search

3651 matches found

GithubExploit
added 2026/06/13 6:59 a.m., 92 views

metasploit-cheatsheet

Metasploit Cheatsheet A practical reference for using Metaspl...

5.7 AI score
Exploits: 0

The Hacker News
added 2026/06/08 5:08 p.m., 12 views

Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order

Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it's filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp and its users...

5.5 AI score
Exploits: 0

The Hacker News
added 2026/06/08 7:39 a.m., 21 views

UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign

Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Google Mandiant and...

5.6 AI score
Exploits: 0

GithubExploit
added 2026/06/07 10:16 a.m., 78 views

bugbounty-toolkit

🎯 Bug Bounty Recon Toolkit Automated recon toolkit for author...

5.5 AI score
Exploits: 0

GithubExploit
added 2026/06/07 1:05 a.m., 57 views

robot

Good all day, my friends, I finally finished the first versio...

5.5 AI score
Exploits: 0

RedhatCVE
added 2026/06/05 7:35 p.m., 9 views

CVE-2026-5790

Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When...

5.1 CVSS, 5.5 AI score, 0.00258 EPSS
Exploits: 0, References: 1

GithubExploit
added 2026/06/04 7:39 p.m., 66 views

exploit-validator

$repo Production-grade offensive security tool for Purpose...

5.8 AI score
Exploits: 0

Schneier on Security
added 2026/06/02 11:00 a.m., 13 views

Microsoft Threatening Security Researcher

An anonymous security researcher called "Nightmare Eclipse" has been publishing a series of significant security exploits against Microsoft Windows--including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recriminations are being traded back and...

5.7 AI score
Exploits: 0

GithubExploit
added 2026/06/01 12:31 a.m., 122 views

Exploit-Databases

💥 Exploits Database & PoC Resources Collection of exploit databas...

5.9 AI score
Exploits: 0

Cvelist
added 2026/05/27 2:23 p.m., 39 views

CVE-2026-6957 Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.

Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8 CVSS, 0.00296 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/05/27 2:23 p.m., 14 views

CVE-2026-6957 Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.

Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8 CVSS, 6 AI score, 0.00296 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/27 2:23 p.m., 26 views

CVE-2026-6957

Mattermost Plugin versions ≤ 1.1.5 are affected by a path traversal vulnerability in the export path construction from unsanitized filenames received from federated peers. An attacker — specifically an administrator of a remote federated Mattermost server — can cause files to be written to arbitr...

8 CVSS, 6 AI score, 0.00296 EPSS
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2026/05/14 12:30 p.m., 4 views

CVE-2026-5790

Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When...

5.1 CVSS, 5.8 AI score, 0.00258 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/05/14 12:30 p.m., 10 views

CVE-2026-5790 Stored Cross-Site Scripting (XSS) vulnerability in Stel Order

Stored Cross-Site Scripting (XSS) in Stel Order v3.25.1 and earlier, located at the ‘/app/FrontController’ endpoint via the ‘legalName’ and ‘employeeID’ parameters. The lack of proper input sanitization allows an attacker to inject malicious code that is persistently stored in the database. When...

5.1 CVSS, 5.8 AI score, 0.00258 EPSS
Exploits: 0, References: 1

Packet Storm News
added 2026/05/12 12:00 a.m., 8 views

Reconstruction of Personally Identifiable Information from Supervised Finetuned Models

Supervised Finetuning (SFT) has become one of the primary methods for adapting a large language model (LLM) with extensive pre-trained knowledge to domain-specific, instruction-following tasks. SFT datasets, composed of instruction-response pairs, often include user-provided information that may...

5.8 AI score
Exploits: 0

Wired Threat Level
added 2026/04/28 5:49 p.m., 9 views

Why Sharing a Screenshot Can Get You Jailed in the UAE

The war in Iran has drawn attention to arrests in the United Arab Emirates over online content, but the legal framework behind that enforcement has existed for years...

5.3 AI score
Exploits: 0

RedhatCVE
added 2026/04/07 5:03 p.m., 6 views

CVE-2026-3524

Mattermost Plugin Legal Hold versions =1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID:...

8.8 CVSS, 5.9 AI score, 0.00378 EPSS
Exploits: 0, References: 1

EUVD
added 2026/04/06 3:31 p.m., 6 views

EUVD-2026-19231

Mattermost Plugin Legal Hold versions =1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID:...

8.8 CVSS, 5.9 AI score, 0.00378 EPSS
Exploits: 0, References: 2

NVD
added 2026/04/06 1:17 p.m., 5 views

CVE-2026-3524

Mattermost Plugin Legal Hold versions =1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and delete legal hold data via crafted API requests to the plugin's endpoints. Mattermost Advisory ID:...

8.8 CVSS, 0.00378 EPSS
Exploits: 0, References: 1

Snyk
added 2026/04/06 1:07 p.m., 5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to a missing return statement after a permission check in the ServeHTTP function. An attacker can gain unauthorized access to, create, download, and delete sensitive legal hold data by sending crafted API...

8.8 CVSS, 5.8 AI score, 0.00378 EPSS
Exploits: 0, References: 2