307491 matches found
APEX_FRAMEWORK
ApexFramework A high-performance Ruby-based framework for sec...
EUVD-2026-45400
The Flow Payment plugin for WordPress flow.cl version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the errormessage GET parameter is passed directly to wcaddnotice in flowpayment-fl.php lines 57-58 without...
CVE-2026-57857
The Flow Payment plugin for WordPress flow.cl version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the errormessage GET parameter is passed directly to wcaddnotice in flowpayment-fl.php lines 57-58 without...
Exploit for CVE-2026-63030
CVE-2026-63030 The WordPress REST API batch routing confusi...
CVE-2026-57857
The Flow Payment plugin for WordPress flow.cl version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the errormessage GET parameter is passed directly to wcaddnotice in flowpayment-fl.php lines 57-58 without...
CVE-2026-57857 Flow Payment Plugin for WordPress Reflected Cross-Site Scripting via error_message Parameter
The Flow Payment plugin for WordPress flow.cl version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the errormessage GET parameter is passed directly to wcaddnotice in flowpayment-fl.php lines 57-58 without...
CVE-2026-57857
The Flow Payment plugin for WordPress (flow.cl) v3.0.8 is affected by a reflected cross-site scripting (XSS) on the WooCommerce checkout page. The vulnerability arises because error_message from an order-cancellation flow is passed directly to wc_add_notice() in flowpayment-fl.php (lines 57–58) w...
Exploit for CVE-2026-63030
wp2shellscanner !smokehttps://github.com/zi3lak/wp2shell...
wp2shell
wp2shell WordPress REST batch route-confusion blind SQL injec...
Imperva Customers Protected Against “wp2shell” Pre-Authentication RCE in WordPress Core
TL;DR : A critical pre-authentication Remote Code Execution RCE vulnerability, dubbed "wp2shell" CVE-2026-63030, has been identified in WordPress Core. This vulnerability allows an unauthenticated attacker to execute arbitrary code on a vulnerable WordPress installation without any preconditions,...
Exploit for CVE-2026-60137
wp2shell Pre-authentication Remote Code Execution against Wor...
Exploit for CVE-2026-63030
wp2r00t - WordPress REST Batch Route-Confusion SQLi PoC A sel...
CVE-2026-11826
OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...
CVE-2024-58363
SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...
CVE-2026-11826 OpenPLC_v3 Heap-Based Buffer Overflow in Modbus Master getData()
OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...
CVE-2026-11826
OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...
CVE-2026-11826
OpenPLC_v3 has a heap-based buffer overflow in getData() within webserver/core/modbus_master.cpp. getData() copies data between delimiters into a caller-supplied buffer without size/bounds checks. parseConfig() uses a 100-byte heap-allocated MB_device.dev_name; an authenticated user can POST an o...
EUVD-2026-45380
OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...
CVE-2024-58363 SurrealDB before 1.5.4 Authentication Bypass via Database Switch
SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...
CVE-2024-58363
SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...