Lucene search
K

1096573 matches found

Packet Storm News
Packet Storm News
added 2026/12/29 12:0 a.m.320 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
NVD
NVD
added 25 minutes ago2 views

CVE-2026-12123

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS
Exploits0References12
GithubExploit
GithubExploit
added 1 hour ago7 views

Exploit for CVE-2026-50979

CVE-2026-50979: Authenticated Remote Code Execution in oPanel...

6.7AI score
Exploits0
Patchstack
Patchstack
added 1 hour ago2 views

WordPress Hide My WP Lite plugin <= 1.3 - Unauthenticated Path Traversal to Arbitrary File Read vulnerability

Unauthenticated Path Traversal to Arbitrary File Read vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Hide My WP Lite versions = 1.3...

5.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 1 hour ago3 views

WordPress UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin UsersWP versions = 1.2.65...

8.8CVSS5.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 1 hour ago2 views

WordPress Super Forms – Drag & Drop Form Builder plugin <= 6.3.313 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by andrea bocchetti in WordPress Plugin Super Forms versions = 6.3.313...

9.8CVSS5.9AI score
Exploits0References1Affected Software1
CVE
CVE
added 2 hours ago3 views

CVE-2026-12123

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS6AI score
Exploits0References12
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-12123 All-in-One Video Gallery <= 4.8.5 - Authenticated (Subscriber+) Server-Side Request Forgery via 'vdl' Parameter

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS
Exploits0References12
NVD
NVD
added 2 hours ago5 views

CVE-2026-15331

A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function addurl/addpackage of the file agent/skills/service.py of the component Skill Installation Handler. The manipulation of the argument Name leads to path traversal. The attack may be initiated...

5.5CVSS
Exploits0References9
NVD
NVD
added 2 hours ago5 views

CVE-2026-15332

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS
Exploits0References6
NVD
NVD
added 2 hours ago3 views

CVE-2026-15330

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS
Exploits0References9
NVD
NVD
added 2 hours ago5 views

CVE-2026-15301

The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS
Exploits0References2
NVD
NVD
added 2 hours ago4 views

CVE-2026-15290

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to blind SQL Injection via the search parameter in all versions up to, and including, 2.10.1 due to insufficient escaping on the user supplied...

7.5CVSS
Exploits0References5
NVD
NVD
added 2 hours ago4 views

CVE-2026-15289

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevartid’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

5.9CVSS
Exploits0References4
NVD
NVD
added 2 hours ago5 views

CVE-2026-15292

The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'background' parameter in the 'sudoku-sc' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS
Exploits0References5
NVD
NVD
added 2 hours ago3 views

CVE-2026-15297

The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo formely Sendinblue plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.1.77 due to insufficient input sanitization and output escaping. This makes it...

6.1CVSS
Exploits0References3
NVD
NVD
added 2 hours ago4 views

CVE-2026-15287

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 4.6.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...

6.5CVSS
Exploits0References2
NVD
NVD
added 2 hours ago4 views

CVE-2026-15284

The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formpageid' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the addtosubmissions function, which applies sanitizetextfield which preserves...

6.4CVSS
Exploits0References10
NVD
NVD
added 2 hours ago4 views

CVE-2026-15282

The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'insappuploadimageasattachment' function in all versions up to, and including, 1.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

9.8CVSS
Exploits0References4
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-15332 zhayujie CowAgent Message Endpoint channel.py authorization

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS
Exploits0References6
Rows per page
Query Builder