Lucene search
+L

307491 matches found

GithubExploit
GithubExploit
added yesterday12 views

APEX_FRAMEWORK

ApexFramework A high-performance Ruby-based framework for sec...

6.2AI score
Exploits0
EUVD
EUVD
added yesterday4 views

EUVD-2026-45400

The Flow Payment plugin for WordPress flow.cl version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the errormessage GET parameter is passed directly to wcaddnotice in flowpayment-fl.php lines 57-58 without...

5.1CVSS5AI score
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-57857

The Flow Payment plugin for WordPress flow.cl version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the errormessage GET parameter is passed directly to wcaddnotice in flowpayment-fl.php lines 57-58 without...

5.1CVSS
Exploits0References2
GithubExploit
GithubExploit
added yesterday12 views

Exploit for CVE-2026-63030

CVE-2026-63030 The WordPress REST API batch routing confusi...

9.8CVSS7AI score0.08946EPSS
Exploits27
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-57857

The Flow Payment plugin for WordPress flow.cl version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the errormessage GET parameter is passed directly to wcaddnotice in flowpayment-fl.php lines 57-58 without...

5.1CVSS5AI score
Exploits0References3
Cvelist
Cvelist
added yesterday8 views

CVE-2026-57857 Flow Payment Plugin for WordPress Reflected Cross-Site Scripting via error_message Parameter

The Flow Payment plugin for WordPress flow.cl version 3.0.8 is vulnerable to reflected cross-site scripting on the WooCommerce checkout page. When the plugin handles an order cancellation, the errormessage GET parameter is passed directly to wcaddnotice in flowpayment-fl.php lines 57-58 without...

5.1CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-57857

The Flow Payment plugin for WordPress (flow.cl) v3.0.8 is affected by a reflected cross-site scripting (XSS) on the WooCommerce checkout page. The vulnerability arises because error_message from an order-cancellation flow is passed directly to wc_add_notice() in flowpayment-fl.php (lines 57–58) w...

5.1CVSS5AI score
Exploits0References2
GithubExploit
GithubExploit
added yesterday16 views

Exploit for CVE-2026-63030

wp2shellscanner !smokehttps://github.com/zi3lak/wp2shell...

9.8CVSS6.7AI score0.08946EPSS
Exploits27
GithubExploit
GithubExploit
added yesterday20 views

wp2shell

wp2shell WordPress REST batch route-confusion blind SQL injec...

9.8CVSS5.9AI score0.08946EPSS
Exploits27
Imperva Blog
Imperva Blog
added yesterday7 views

Imperva Customers Protected Against “wp2shell” Pre-Authentication RCE in WordPress Core

TL;DR : A critical pre-authentication Remote Code Execution RCE vulnerability, dubbed "wp2shell" CVE-2026-63030, has been identified in WordPress Core. This vulnerability allows an unauthenticated attacker to execute arbitrary code on a vulnerable WordPress installation without any preconditions,...

9.8CVSS6.8AI score0.08946EPSS
Exploits27
GithubExploit
GithubExploit
added yesterday21 views

Exploit for CVE-2026-60137

wp2shell Pre-authentication Remote Code Execution against Wor...

9.8CVSS5.8AI score0.08946EPSS
Exploits27
GithubExploit
GithubExploit
added yesterday13 views

Exploit for CVE-2026-63030

wp2r00t - WordPress REST Batch Route-Confusion SQLi PoC A sel...

9.8CVSS6.4AI score0.08946EPSS
Exploits27
NVD
NVD
added yesterday7 views

CVE-2026-11826

OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...

8.8CVSS
Exploits0References4
NVD
NVD
added yesterday8 views

CVE-2024-58363

SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...

6.3CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday9 views

CVE-2026-11826 OpenPLC_v3 Heap-Based Buffer Overflow in Modbus Master getData()

OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...

8.8CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-11826

OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...

8.8CVSS5.8AI score
Exploits0References5
CVE
CVE
added yesterday10 views

CVE-2026-11826

OpenPLC_v3 has a heap-based buffer overflow in getData() within webserver/core/modbus_master.cpp. getData() copies data between delimiters into a caller-supplied buffer without size/bounds checks. parseConfig() uses a 100-byte heap-allocated MB_device.dev_name; an authenticated user can POST an o...

8.8CVSS5.8AI score
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-45380

OpenPLCv3 contains a heap-based buffer overflow in the getData function in webserver/core/modbusmaster.cpp. getData reads characters between two delimiters into a caller-supplied buffer with no size parameter and no bounds check. In parseConfig the function is invoked with the 100-byte...

8.8CVSS5.8AI score
Exploits0References4
Cvelist
Cvelist
added yesterday9 views

CVE-2024-58363 SurrealDB before 1.5.4 Authentication Bypass via Database Switch

SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...

6.3CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-58363

SurrealDB before 1.5.4 fails to properly validate authentication when a scope user switches databases using the USE clause or use method. Attackers with an authenticated session can impersonate an unrelated user in a different database if a user record with an identical identifier exists, allowin...

6.3CVSS5.3AI score
Exploits0References3
Rows per page
Query Builder