📄 WordPress Burst Statistics 3.4.1.1 Authentication Bypass

WordPress Burst Statistics plugin versions 3.4.0 through 3.4.1.1 authentication bypass to administrative takeover exploitation framework. ================================================================================================================================== | Title : WordPress 3.4.1.1...

📄 Revive Adserver 6.0.6 XSS / SQL Injection / Code Execution

Revive Adserver versions 6.0.6 and below exploitation framework that targets cross site scripting, remote SQL injection, remote code execution, and various other vulnerabilities...

HackTheBox

HackTheBox — Writeups, Tooling & Exploitation Pipelines A wor...

write-up

Prototype Pollution in JavaScript: The Complete Bug Bounty Hun...

secure-software-development

Secure Software Development — Notes & Exercise Writeups Perso...

The Clock Is Already Ticking: Why Post-Quantum Cryptography Can’t Wait

There is a question I have been hearing more and more from CISOs, compliance officers, and security architects over the past year. It does not start with "we had a breach" or "we failed an audit." It starts with something that sounds almost philosophical: " Are we quantum-safe?" A year ago, that...

Linux Distros Unpatched Vulnerability : CVE-2026-44169

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - mariadb - None CVE-2026-44169 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, In...

Linux Distros Unpatched Vulnerability : CVE-2026-44168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - mariadb - None CVE-2026-44168 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, In...

Linux Distros Unpatched Vulnerability : CVE-2026-44172

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - mariadb - None CVE-2026-44172 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, In...

Linux Distros Unpatched Vulnerability : CVE-2026-44170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - mariadb - None CVE-2026-44170 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, In...

Linux Distros Unpatched Vulnerability : CVE-2025-15646

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - libhtml-gumbo-perl - None CVE-2025-15646 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C...

Linux Distros Unpatched Vulnerability : CVE-2026-44171

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - mariadb - None CVE-2026-44171 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, In...

Linux Distros Unpatched Vulnerability : CVE-2026-44173

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - mariadb - None CVE-2026-44173 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenable, In...

CVE-2026-36229

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2026-36229

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

Security Bulletin: Due to use of spring-web-6.2.17.jar, IBM Sterling Connect:Direct Web Services is vulnerable to allows an attacker to consume available disk space.

Summary spring-web-6.2.17.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22740. Vulnerability Details CVEID:CVE-2026-22740 DESCRIPTION: A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp...

Security Bulletin: Due to use of spring-boot-autoconfigure-3.5.13.jar, IBM Sterling Connect:Direct Web Services is vulnerable to not perform hostname verification.

Summary spring-boot-autoconfigure-3.5.13.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-40971, CVE-2026-40974. Vulnerability Details CVEID:CVE-2026-40971 DESCRIPTION: When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname...

Security Bulletin: Due to use of spring-security-core-6.5.9.jar, IBM Sterling Connect:Direct Web Services is vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition

Summary spring-security-core-6.5.9.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22746, CVE-2026-22751. Vulnerability Details CVEID:CVE-2026-22746 DESCRIPTION: Vulnerability in Spring Spring Security. If an application is using the UserDetailsisEnabled, isAccountNonExpired, or...

Security Bulletin: Due to use of spring-webmvc-6.2.17.jar, IBM Sterling Connect:Direct Web Services is vulnerable toDenial of Service attacks.

Summary spring-webmvc-6.2.17.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22745. Vulnerability Details CVEID:CVE-2026-22745 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an...

CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...