Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `found-action`

GHSA: Unauthenticated Remote Code Execution via found-action in Dalfox Server Mode Summary When dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options —...

METATRON AI Penetration Testing

Metatron is a CLI-based AI penetration testing assistant that runs entirely on your local machine - no cloud, no API keys, no subscriptions. You give it a target IP or domain. It runs real recon tools nmap, whois, whatweb, curl, dig, nikto, feeds all results to a locally running AI model, and the...

CVE-2023-22680

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Altanic No API Amazon Affiliate plugin = 4.2.2 versions...

CVE-2025-31890

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mashi Simple Map No Api simple-map-no-api allows Stored XSS.This issue affects Simple Map No Api: from n/a through = 1.9...

CVE-2025-31890

CVE-2025-31890 affects the WordPress plugin Simple Map No Api. The connected Wordfence vulnerability listing indicates an Authenticated (Contributor+) Stored Cross-Site Scripting issue in Simple Map No Api, with the affected range up to version 1.9. The root cause is improper neutralization of in...

CVE-2025-31890 WordPress Simple Map No Api plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mashi Simple Map No Api simple-map-no-api allows Stored XSS.This issue affects Simple Map No Api: from n/a through = 1.9...

CVE-2024-13565

The Simple Map No Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2024-13565

The Simple Map No Api plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2023-22680

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Altanic No API Amazon Affiliate plugin = 4.2.2 versions...

CVE-2023-22680

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Altanic No API Amazon Affiliate plugin = 4.2.2 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Altanic No API Amazon Affiliate plugin = 4.2.2 versions...

CVE-2023-22680

CVE-2023-22680 affects the WordPress plugin No API Amazon Affiliate (Altanic No API Amazon Affiliate) 4.2.2 (4.4.0) with low severity. No public exploit details are provided in the connected documents. Remediation: upgrade to a version greater than 4.2.2 (e.g., 4.4.0+). If upgrading is not feasib...