299071 matches found
CVE-2026-10130 QueryWeaver Authentication Bypass via Email Signup Token Issuance for Existing Accounts
QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain valid session tokens for existing accounts by submitting a signup request with a known victim email address. The signup route unconditionally creates and links a new token to the matching...
CVE-2026-10130 QueryWeaver Authentication Bypass via Email Signup Token Issuance for Existing Accounts
QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain valid session tokens for existing accounts by submitting a signup request with a known victim email address. The signup route unconditionally creates and links a new token to the matching...
CVE-2026-12228
A stored cross-site scripting XSS vulnerability exists in the POST /api/prompts/share endpoint of parisneo/lollms latest version. The endpoint stores attacker-controlled promptcontent into DBDirectMessage.content without server-side sanitization. When a victim opens the direct message DM thread,...
Exploit for CVE-2026-63030
CVE-2026-63030 The WordPress REST API batch routing confusi...
Exploit for CVE-2026-60137
wp2shell-detect Blackbox, non-intrusive detector for wp...
CVE-2026-12228 Stored XSS in Direct Messages via Prompt Sharing in parisneo/lollms
A stored cross-site scripting XSS vulnerability exists in the POST /api/prompts/share endpoint of parisneo/lollms latest version. The endpoint stores attacker-controlled promptcontent into DBDirectMessage.content without server-side sanitization. When a victim opens the direct message DM thread,...
CVE-2026-12228
The CVE describes a stored XSS in parisneo/lollms via POST /api/prompts/share where attacker-controlled prompt_content is saved to DBDirectMessage.content and later rendered with v-html in the DM UI. The frontend regex-based sanitizer fails to fully sanitize HTML, enabling malicious payloads to r...
CVE-2026-57848
Stoat for Android exports the chat.stoat.activities.ShareTargetActivity component reachable to any process on the device via the android.intent.action.SEND intent and accepts the file to share as a URI supplied through the android.intent.extra.STREAM extra. The activity does not validate or filte...
CVE-2026-57848
Stoat for Android exports the chat.stoat.activities.ShareTargetActivity component reachable to any process on the device via the android.intent.action.SEND intent and accepts the file to share as a URI supplied through the android.intent.extra.STREAM extra. The activity does not validate or filte...
CVE-2026-57848
CVE-2026-57848 concerns Stoat for Android where the exported ShareTargetActivity does not validate the incoming android.intent.extra.STREAM URI before using it as the outgoing attachment. An attacker able to invoke intents can supply a file:// URI pointing to the app’s internal storage (e.g., dat...
CVE-2026-57848 Stoat for Android Internal File Disclosure via Exported ShareTargetActivity URI Validation
Stoat for Android exports the chat.stoat.activities.ShareTargetActivity component reachable to any process on the device via the android.intent.action.SEND intent and accepts the file to share as a URI supplied through the android.intent.extra.STREAM extra. The activity does not validate or filte...
EUVD-2026-45395
Stoat for Android exports the chat.stoat.activities.ShareTargetActivity component reachable to any process on the device via the android.intent.action.SEND intent and accepts the file to share as a URI supplied through the android.intent.extra.STREAM extra. The activity does not validate or filte...
Exploit for CVE-2026-60137
Unauthenticated pre-auth RCE PoC for the WordPress wp2shell chai...
FLOCK_CVE_SCANNER
FLOCKCVESCANNER Scan and exploit with permission Ov...
Exploit for CVE-2026-60137
wp2shell Pre-authentication Remote Code Execution against Wor...
Exploit for Missing Authentication for Critical Function in Splunk
Splunk Enterprise — CVE-2026-20253 Training Lab Splunk En...
FatPipe WARP/IPVPN/MPVPN - Backdoor Account
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain an account named "cmuser" with administrative privileges and no password, letting attackers gain unauthorized admin access, exploit requires no authentication. id: CVE-2021-27856 info: name: FatPipe...
WordPress ProfilePress <= 3.1.3 - Privilege Escalation
ProfilePress plugin before 3.1.4 allows privilege escalation. Due to insufficient validation in the profile update functionality, authenticated users can supply arbitrary usermeta fields, including wpcapabilities, during profile updates. This enables a user to escalate their privileges to...
Memos 0.13.2 - Server-Side Request Forgery
SSRF vulnerabilities exist in the memos API service /o/get/httpmeta that allow unauthenticated and authenticated users to enumerate and read from the internal network. In addition, one SSRF vulnerability leads to a reflected XSS vulnerability, which may allow an attacker complete control over the...
Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to chan...