53 matches found
CVE-2026-6206
The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.1.2 via the getpostpropertyfromquerystring function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract da...
Discourse Security Vulnerability
Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contain security vulnerabilities. These vulnerabilities stem...
Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
XAMPP and PHPMyAdmin Web Security Research Playbook
This is a comprehensive security testing guide for XAMPP services. It follows a structured approach: 1 Reconnaissance and Information Gathering, 2 Initial Access Attempts, 3 Post-Authentication Exploitation. Each scenario includes realistic commands and expected outcomes for professional security...
CVE-2025-14943
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the...
Exploit for CVE-2025-54352
CVE-2025-54352 PoC Usage Steps to install and test the Wor...
EUVD-2019-3894
Malware in sbrugna...
EUVD-2024-50184
Malicious code in bioql PyPI...
EUVD-2023-57979
Malicious code in bioql PyPI...
EUVD-2024-36876
Malicious code in bioql PyPI...
CVE-2025-9078
CVE-2025-9078 affects Mattermost server versions 9.11.x, 10.5.x, 10.8.x, 10.9.x, 10.10.x where cache key validation for link metadata is flawed due to FNV-1 hashing, enabling authenticated users to access posts they are not authorized to and to poison link previews. Root cause: improper validatio...
CVE-2024-1850
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized access, modification or deletion of posts due to a missing capability check on functions hooked by AJAX actions in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with...
CVE-2021-24635
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user such as subscriber to call them and 1 Get and search through title and content of Draft post, ...
CVE-2024-13430
CVE-2024-13430 affects the Page Builder: Pagelayer – Drag and Drop website builder for WordPress (
WordPress plugin Builder Shortcode Extras Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
PT-2024-22576 · Italtel · Italtel I-Mcs Nfv
Name of the Vulnerable Software and Affected Versions: Italtel i-MCS NFV version 12.1.0-20211215 Description: An issue was discovered that allows stored Cross-site scripting XSS to occur via POST requests. This means an attacker can inject malicious scripts into the system, which can then be...
PT-2024-27819 · Mastodon · Mastodon
Name of the Vulnerable Software and Affected Versions: Mastodon versions 2.6.0 through 4.1.17 Mastodon versions 4.2.0 through 4.2.9 Description: Mastodon is a self-hosted, federated microblogging platform. By crafting specific activities, an attacker can extend the audience of a post they do not...
SUSE CVE-2023-52867
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmtstatus' of size 6 could overflow, since index 'afmtidx' is checked after access...
WordPress Plugin wp-schema-pro Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability previously...
GenerateBlocks < 1.8.3 - Contributor+ Arbitrary Draft/Private Post Access
Description The plugin is vulnerable to Sensitive Information Exposure via Query Loop, allowing authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status as well as those with scheduled publication dates...