Lucene search

104 matches found

GithubExploit
added 2026/04/30 5:17 a.m., 88 views

Exploit for CVE-2026-41940

cPanel/WHM Auth Bypass Scanner & Exploit Tool A Go command-li...

CVSS 9.8, AI score 6.3, EPSS 0.90762
Exploits 59
CVE
added 2026/04/19 7:00 p.m., 6 views

CVE-2026-6576

CVE-2026-6576 affects liangliangyy DjangoBlog (up to version 2.1.0.0) via the WeChat Bot Interface, specifically the servermanager/api/commonapi.py CommandHandler. The root cause is a vulnerability allowing manipulation of the Source argument to achieve command injection, with remote exploitation...

CVSS 6.5, AI score 5.4, EPSS 0.00421
Exploits 0, References 4
ATTACKERKB
added 2026/04/19 7:00 p.m., 1 views

CVE-2026-6576

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...

CVSS 6.5, AI score 5.4, EPSS 0.00421
Exploits 0, References 4, Affected Software 1
Positive Technologies
added 2026/04/19 12:00 a.m., 2 views

PT-2026-33641

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...

CVSS 6.5, AI score 5.4, EPSS 0.00421
Exploits 0, References 5
VulnCheck KEV
added 2026/03/05 12:00 a.m., 2 views

VulnCheck KEV: CVE-2026-20122

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...

CVSS 5.4, AI score 6, EPSS 0.01315
In wild, Exploits 0, References 2
NVD
added 2026/02/25 5:25 p.m., 3 views

CVE-2026-20122

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...

CVSS 5.4, EPSS 0.01315
Exploits 0, References 2
Positive Technologies
added 2026/02/25 12:00 a.m., 2 views

PT-2026-21957

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager affected versions not specified Description Insufficient file system restrictions in Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to view sensitive information on the underlying...

CVSS 7.8, AI score 7.4, EPSS 0.0189
Exploits 0, References 47
OSV
added 2026/01/22 10:20 p.m., 3 views

CVE-2026-24124 Dragonfly Manager Job API Allows Unauthenticated Access

Dragonfly is an open source P2P-based file distribution and image acceleration system. In versions 2.4.1-rc.0 and below, the Job API endpoints /api/v1/jobs lack JWT authentication middleware and RBAC authorization checks in the routing configuration. This allows any unauthenticated user with acce...

CVSS 9.3, AI score 5.5, EPSS 0.0012
Exploits 1, References 4
OSV
added 2026/01/22 6:04 p.m., 4 views

GHSA-J8HF-CP34-G4J7 Dragonfly Manager Job API Unauthenticated Access

Summary Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jobs, potentially leading to resource exhaustion, information disclosure, and service disruption. Affected Products - Product: Dragonfly - Component:...

CVSS 9.3, AI score 5.9, EPSS 0.0012
Exploits 1, References 4
OSV
added 2025/12/22 10:16 p.m., 0 views

CVE-2023-53968

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...

CVSS 9.3, AI score 5.8
Exploits 0, References 5
OSV
added 2025/12/11 9:15 p.m., 1 views

CVE-2025-66429

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user...

CVSS 8.8, AI score 5.9, EPSS 0.00094
Exploits 0, References 2
Cvelist
added 2025/12/11 12:00 a.m., 16 views

CVE-2025-66429

An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user...

EPSS 0.00094
Exploits 0, References 2
CVE
added 2025/12/11 12:00 a.m., 16 views

CVE-2025-66429

The CVE-2025-66429 issue affects cPanel versions 110–132, where a directory traversal in the Team Manager API can overwrite arbitrary files, enabling privilege escalation to root. Documented impact is high (CVE score 8.8). Exploitation status isn’t provided in the sources. Remediation guidance ap...

CVSS 8.8, AI score 7, EPSS 0.00094
Exploits 0, References 2, Affected Software 1
CVE
added 2025/12/10 9:08 p.m., 10 views

CVE-2023-53775

Screen SFT DAB 1.9.3 contains an authentication bypass due to weak session management, enabling reuse of IP-bound session identifiers to issue unauthorized requests to the userManager API and change user credentials. Concrete details from PT-2025-50526: affected version 1.9.3; attack involves byp...

CVSS 7.1, AI score 6.7, EPSS 0.00154
Exploits 1, References 6, Affected Software 1
Cvelist
added 2025/12/10 9:08 p.m., 15 views

CVE-2023-53775 Screen SFT DAB 1.9.3 Authentication Bypass via Session Management Weakness

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers to issue unauthorized requests to the userManager API and modify user credentials...

CVSS 7.1, EPSS 0.00154
Exploits 1, References 6
Veracode
added 2025/10/31 10:46 a.m., 2 views

Server-Side Request Forgery (SSRF)

Dragonfly is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper validation of user-supplied URLs in the Manager API and peer communication, which allows an attacker to force internal components to send requests to arbitrary or internal services, potentially...

CVSS 6.9, AI score 9, EPSS 0.0008
Exploits 0, References 4, Affected Software 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-15321

Malware in sbrugna...

CVSS 4.9, AI score 6.3, EPSS 0.00642
Exploits 1, References 16
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-15321

Malicious code in bioql PyPI...

CVSS 8.8, AI score 9.2, EPSS 0.00273
Exploits 1, References 8
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-29777

Malicious code in bioql PyPI...

CVSS 6.9, AI score 6.3, EPSS 0.0008
Exploits 0, References 4
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-2747

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.2, EPSS 0.02191
Exploits 0, References 5