6103 matches found
CVE-2026-5554

creationtimestamp| type| source
---|---|---
2026-04-05 11:15:53+00:00| published-proof-of-concept| Telegram/8Kty84VYI9Md0M9SNY3xGd7cM29Jpy2z-fm4LFUn2UMmE
2026-04-05 12:14:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miqpyw73fj2n
2026-04-05 12:41:28+00:00| seen|...

CVE-2026-4896
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...
EUVD-2018-21746
MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile,...
CVE-2016-20052

creationtimestamp| type| source
---|---|---
2026-04-04 15:25:45+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mioka3avcd2o
2026-04-04 15:40:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miokztck4i2j
2026-04-14 20:07:08+00:00| seen|...

CVE-2018-25247
MyBB Like Plugin 3.0.0 contains a stored cross-site scripting vulnerability. Authenticated attackers can inject script payloads into post or thread subjects; when other users view a profile that displays the attacker's liked posts, the unsanitized subject is rendered, executing the script in the...
EUVD-2026-18999
The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4.16. This is due to a missing file name/path validation against path traversal sequences. This makes it possible for authenticated attackers, with subscriber level access and...
SQL Injection
baserCMS is vulnerable to SQL injection. The vulnerability is due to insufficient input validation in the blog post functionality, where malicious SQL may be executed in blog posts and attackers can inject crafted SQL statements to manipulate the database...
CVE-2026-34780

creationtimestamp| type| source
---|---|---
2026-04-04 02:15:10+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3min62fmxe72w
2026-04-04 02:15:45+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3min63hbxxi2c
2026-04-04 03:15:52+00:00|...

PT-2026-30367
MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating posts or threads with unvalidated subject content. Attackers can craft post subjects containing script tags that execute when other users view the attacker's profile,...
CVE-2026-35558

creationtimestamp| type| source
---|---|---
2026-04-03 23:21:03+00:00| published-proof-of-concept| Telegram/Y6tkTwR3TbgbLqd0XdHY3LGxaSf8SFw0ekLA3xjK-BPXbc
2026-04-04 04:00:54+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mindxhjxru25
2026-04-04 05:00:56+00:00| seen|...

CVE-2026-3880

creationtimestamp| type| source
---|---|---
2026-04-03 13:19:05+00:00| seen| Telegram/YV8cS3UbatxDTGe0fjayhbeNknefcE-s36BQ9lt853A06hI
2026-04-04 03:20:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3minbomahsj2f
2026-04-04 03:29:27+00:00| seen|...

CVE-2026-34876

creationtimestamp| type| source
---|---|---
2026-04-03 07:01:00+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mil5kl4adx27
2026-04-03 07:01:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mil5lcfqjt2p...

CVE-2026-5463

creationtimestamp| type| source
---|---|---
2026-04-03 06:00:16+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mil25ysway2p
2026-04-03 06:00:26+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mil26a6y7b27
2026-04-03 06:00:28+00:00| seen|...

CVE-2026-26135

creationtimestamp| type| source
---|---|---
2026-04-03 00:50:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mikitpnzqk2z
2026-04-03 01:16:28+00:00| seen| Telegram/iJ-TXq8dDjuzcBmcTa4J1ArjLXeEo9DZvpPvRg0iyulgok
2026-04-03 01:50:22+00:00| seen|...

CVE-2026-34567
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts within the Categories...
CVE-2026-34426

creationtimestamp| type| source
---|---|---
2026-04-02 22:22:27+00:00| published-proof-of-concept| Telegram/LEqzgESE2wGHUVmUGbeDXDuSp8F8SqNkH2O3nuA9SKVO2A
2026-04-03 03:01:44+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mikq6qgjxg2c
2026-04-03 03:06:31+00:00| seen|...

CVE-2026-2696
The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing post URLs, including private posts, in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can...
CVE-2026-2699

creationtimestamp| type| source
---|---|---
2026-04-02 09:59:15+00:00| seen| https://www.acn.gov.it/portale/w/progress-disponibili-poc-per-lo-sfruttamento-di-vulnerabilita-in-sharefile
2026-04-02 11:13:09+00:00| seen| https://bsky.app/profile/r-netsec-bot.bsky.social/post/3mij36jygvj2d
2026-04-02...

CVE-2026-2701

creationtimestamp| type| source
---|---|---
2026-04-02 09:59:15+00:00| seen| https://www.acn.gov.it/portale/w/progress-disponibili-poc-per-lo-sfruttamento-di-vulnerabilita-in-sharefile
2026-04-02 11:13:10+00:00| seen| https://bsky.app/profile/r-netsec-bot.bsky.social/post/3mij36jygvj2d
2026-04-02...

CVE-2026-34950

creationtimestamp| type| source
---|---|---
2026-04-02 08:53:21+00:00| published-proof-of-concept| https://github.com/nearform/fast-jwt/security/advisories/GHSA-mvf2-f6gm-w987
2026-04-06 16:20:11+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mito77wzr22s
2026-04-06...