Lucene search
K

1062 matches found

Nuclei
Nuclei
added yesterday104 views

WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure

WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format. id: CVE-2021-24146 info: name: WordPress Modern Events Calendar Lite 5.16.5 - Sensitive Information Disclosure...

7.5CVSS7AI score0.31043EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday135 views

WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection

WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mecloadsinglepage AJAX action. An attacker can possibly obtain sensitive information, modify data, and/o...

9.8CVSS7.1AI score0.728EPSS
Exploits7References5
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.57 views

WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload

WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-typ...

7.2CVSS7.4AI score0.88158EPSS
Exploits9References5
NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-53308

In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating workqueue to fix two bugs at the same time: 1. Driver leaks the memory on remove, because the workqueue is not destroyed. 2...

5.5CVSS0.001EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51516

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.12 Description The software fails to validate cookie names within the setCookie, serialize, and serializeSigned functions. When an application uses a user-controlled cookie name, invalid characters such as control...

6.9CVSS5.8AI score0.00247EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.24 views

PT-2026-49241

Name of the Vulnerable Software and Affected Versions Zephyr versions prior to 4.4.1 Description The native TCP stack contains a use-after-free flaw when iterating the global connection list in the net tcp foreach function. The issue occurs because the function releases the tcp lock while invokin...

5.3CVSS6AI score0.00274EPSS
Exploits1References4
NVD
NVD
added 2026/06/10 8:16 a.m.13 views

CVE-2026-8613

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'titletag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.002EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48392

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title tag' Widget Setting in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.002EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2026/06/06 6:11 p.m.97 views

zero2shell-50

ZeroToShell-50 🚀 A highly curated, containerized training g...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/06/02 11:6 a.m.15 views

The Intersection of Encryption and AI

As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section. Renowned technologist and author Bruce Schnei...

5.7AI score
Exploits0
HackRead
HackRead
added 2026/06/01 10:40 p.m.25 views

Why Encrypted File Sharing Is Essential for Modern Businesses

Consider the history of any recent corporate scandal, and it is quite possible to guess what the story…...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/27 10:59 a.m.120 views

Hunting-Bugs

2026 Practical Bug Bounty Guide Built on real-world experie...

5.8AI score
Exploits0
Wiz blog
Wiz blog
added 2026/05/26 12:45 p.m.22 views

State of SDLC Security 2026: How Risk Scales in Modern Development

Insights from real-world environments into how code, developer tooling, automation, and AI are reshaping application security...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol. Clients that use the /bpp:32 legacy GDI drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read vulnerabilities. Versions 3.5.0 and 2.11.6 address this issue. As a workaround, use modern...

9.8CVSS7.1AI score0.01922EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/16 12:0 a.m.12 views

Filter-Then-Verify: A Multiphase GNN and ModernBERT Framework for Social Engineering Detection in Email Networks

Social engineering attacks exploit human trust rather than software vulnerabilities, making them difficult to detect using conventional filters. We propose a two-stage filter-then-verify framework combining inductive Graph Neural Networks GNNs for structural anomaly detection with a co-attention...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.12 views

Widening the Gap: Exploiting LLM Quantization Via Outlier Injection

LLM quantization has become essential for memory-efficient deployment. Recent work has shown that quantization schemes can pose critical security risks: an adversary may release a model that appears benign in full precision but exhibits malicious behavior once quantized by users. However, existin...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.17 views

Backdoor Channels Hidden in Latent Space: Cryptographic Undetectability in Modern Neural Networks

Recent cryptographic results establish that neural networks can be backdoored such that no efficient algorithm can distinguish them from a clean model. These guarantees, however, have been confined to stylised architectures of limited practical relevance, leaving open whether comparable...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/11 9:0 p.m.7 views

modern-web-swiss-army-knife (>=2.7.2 <=2.7.4) potentially affected by CVE-2026-45321 via @tanstack/router-devtools (>=1.105.0 <=1.106.0)

@tanstack/router-devtools NPM version =1.105.0, =2.7.2, =2.7.4 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKROUTERDEVTOOLS-16640220...

9.6CVSS8AI score0.02342EPSS
Exploits3
Wiz blog
Wiz blog
added 2026/04/29 12:0 p.m.7 views

Modern Defensible Architecture: Resilience for the Australian Federal Government

How Wiz enables Australian government agencies to operationalise MDA with real-time context, zero trust enforcement, and end-to-end cloud visibility...

5.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.10 views

PT-2026-35876

Name of the Vulnerable Software and Affected Versions CoreDNS affected versions not specified Description A TSIG authentication bypass exists in CoreDNS affecting modern transports. TSIG Transaction Signature is a mechanism used to authenticate DNS messages. Recommendations At the moment, there i...

8.7CVSS5.2AI score0.00813EPSS
Exploits1References85
Rows per page
Query Builder