8 matches found
CVE-2026-33159
Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14, guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions regenerate-yaml, apply-yaml-chang...
GHSA-6MRR-Q3PJ-H53W Craft CMS: Unauthenticated Users Can Perform Restricted Project Config Sync Operations
Summary: Guest users can access Config Sync updater index, obtain signed data, and execute state-changing Config Sync actions (regenerate-yaml, apply-yaml-changes) without authentication. Details: ConfigSyncController extends BaseUpdaterController, and the base updater is anonymously accessible for...
MAL-2025-143705 Malicious code in io-restart-less-neptune (npm)
Source: amazon-inspector 02f4d0056d31b5a03779d08089412376d33984c089f20b0c1f39e54e7df1036e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2022-3926
The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have a CSRF check when regenerating secrets, which could allow attackers to make logged-in admins regenerate the secret of an arbitrary client given they know the client ID...
CVE-2022-39351 Dependency-Track vulnerable to logging of API keys in clear text when handling API requests using keys with insufficient permissions
Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependency-Track's audit...
Antivirus Evasion Framework: Veil Framework
The Veil-Framework is a collection of red team security tools that implement various attack methods focused on evading detection. It currently consists of: Veil-Evasion: a tool to generate antivirus-evading payloads using a variety of techniques and...
SOL11772107 - BIG-IP and BIG-IQ cloud image vulnerability CVE-2016-2084
Note: Upgrading a vulnerable version to a not vulnerable version will not mitigate this issue; performing an upgrade on a vulnerable instance will cause the instance to remain vulnerable after the upgrade. Furthermore, any backups that are made from a vulnerable instance and restored to a not...
[XSS Shell] XSS Backdoor and Zombie Manager
XSS Shell is a powerful XSS backdoor and zombie manager. This concept was first presented by “XSS-Proxy – http://xss-proxy.sourceforge.net/”. Normally in XSS attacks the attacker has one shot; in XSS Shell you can interactively send requests and get responses from the victim. You can backdoor the page...