Lucene search
K

127708 matches found

GithubExploit
GithubExploit
added 53 minutes ago3 views

Digital-Archiving-Solutions-RCE-PoC

LPD Server — Shell Injection Exploit RFC 1179 Disclaimer...

6.4AI score
Exploits0
GithubExploit
GithubExploit
added 1 hour ago6 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Apple Mac_Os_X

ICMP Timestamp Scanner — CVE-1999-0524 ╔═══════════════...

4CVSS6.7AI score0.31586EPSS
Exploits2
Patchstack
Patchstack
added 1 hour ago6 views

WordPress WP CTA – Call Now Button, Sticky Button & Call to Action Builder plugin <= 2.2.2 - Unauthenticated Time-Based Blind SQL Injection vulnerability

Unauthenticated Time-Based Blind SQL Injection vulnerability discovered by daroo in WordPress Plugin WordPress CTA versions = 2.2.2...

7.5CVSS6.1AI score0.00326EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 4 hours ago4 views

Malicious code in cbr-internal-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa96f42fade399b9e73756e2abd62eafbfa11e2eb02fe1055d9c7e025fba4ab7 On module load, the package's main entrypoint shells out via childprocess.exec to run cat /etc/passwd and prints the contents to stdout. This fires...

6.1AI score
Exploits0References1
OSV
OSV
added 4 hours ago2 views

MAL-2026-10530 Malicious code in cbr-internal-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa96f42fade399b9e73756e2abd62eafbfa11e2eb02fe1055d9c7e025fba4ab7 On module load, the package's main entrypoint shells out via childprocess.exec to run cat /etc/passwd and prints the contents to stdout. This fires...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 hours ago5 views

Malicious code in neteller (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 167278e6d334ec3629d24f3031e8dd2920ebbbdfd9ea4918cde2fd1d60e41c3c Package name and description impersonate the Paysafe-owned Neteller payment brand, with a fake repository URL 'github.com/paysafe/neteller'. The...

6.2AI score
Exploits0References1
OSV
OSV
added 5 hours ago4 views

MAL-2026-10538 Malicious code in neteller (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 167278e6d334ec3629d24f3031e8dd2920ebbbdfd9ea4918cde2fd1d60e41c3c Package name and description impersonate the Paysafe-owned Neteller payment brand, with a fake repository URL 'github.com/paysafe/neteller'. The...

6.2AI score
Exploits0References1
NVD
NVD
added 6 hours ago6 views

CVE-2026-11802

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration function, accessible via the wpajaxnoprivregistrationaction AJAX action, lacks any nonce verification or capability check, and...

5.3CVSS
Exploits0References8
Cvelist
Cvelist
added 7 hours ago8 views

CVE-2026-11802 FoodBook Lite <= 1.5.6 - Missing Authorization to Unauthenticated User Registration via 'registration_action' AJAX Action

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration function, accessible via the wpajaxnoprivregistrationaction AJAX action, lacks any nonce verification or capability check, and...

5.3CVSS
Exploits0References8
CVE
CVE
added 7 hours ago6 views

CVE-2026-11802

The CVE covers the FoodBook Lite WordPress plugin (up to version 1.5.6). The registration() function exposed via the wp_ajax_nopriv_registration_action AJAX action lacks nonce verification, lacks capability checks, and does not honor WordPress users_can_register before calling wp_insert_user(). T...

5.3CVSS6AI score
Exploits0References8
ATTACKERKB
ATTACKERKB
added 7 hours ago4 views

CVE-2026-11802

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration function, accessible via the wpajaxnoprivregistrationaction AJAX action, lacks any nonce verification or capability check, and...

5.3CVSS6AI score
Exploits0References9
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-43610

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration function, accessible via the wpajaxnoprivregistrationaction AJAX action, lacks any nonce verification or capability check, and...

5.3CVSS6AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 8 hours ago3 views

PT-2026-57951

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration function, accessible via the wp ajax nopriv registration action AJAX action, lacks any nonce verification or capability check,...

5.3CVSS6AI score
Exploits0References9
Zero Science Lab
Zero Science Lab
added 8 hours ago5 views

SIP Sustainable Irrigation Platform 5.x CSRF Disable Passphrase Authorization

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

6.1AI score
Exploits0
OSV
OSV
added yesterday2 views

GHSA-VRR2-G9GH-C3JC Kimai: Timesheet PATCH/POST allows assigning to project outside user's team via query_builder OR-bypass

Summary The Timesheet API PATCH /api/timesheets/id and POST /api/timesheets endpoints accept a user-supplied project ID and resolve it through a Symfony EntityType whose querybuilder allows the submitted ID to satisfy the access predicate via an unconditional OR branch. As a result, any...

5.3CVSS6.1AI score
Exploits0References2
Github Security Blog
Github Security Blog
added yesterday3 views

Kimai: Timesheet PATCH/POST allows assigning to project outside user's team via query_builder OR-bypass

Summary The Timesheet API PATCH /api/timesheets/id and POST /api/timesheets endpoints accept a user-supplied project ID and resolve it through a Symfony EntityType whose querybuilder allows the submitted ID to satisfy the access predicate via an unconditional OR branch. As a result, any...

6.1AI score
Exploits0References2Affected Software1
OSV
OSV
added yesterday2 views

GHSA-PGCC-VFMC-7CW5 Kimai: Login CSRF in Default Team Creation Endpoints Allows Unauthorized Team and Permission Structure Changes

Summary Kimai 2.56.0 contains authenticated cross-site request forgery issues in its default team creation shortcuts for projects, customers, and activities. These endpoints are exposed through GET routes and directly create or reuse a Team, add the current user as teamlead, and bind the target...

6.3CVSS6.1AI score
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday3 views

Kimai: Login CSRF in Default Team Creation Endpoints Allows Unauthorized Team and Permission Structure Changes

Summary Kimai 2.56.0 contains authenticated cross-site request forgery issues in its default team creation shortcuts for projects, customers, and activities. These endpoints are exposed through GET routes and directly create or reuse a Team, add the current user as teamlead, and bind the target...

6.1AI score
Exploits0References3Affected Software1
OSV
OSV
added yesterday2 views

GHSA-C67F-GMXW-MJ93 FacturaScripts: Account takeover of any 2FA-enabled user

Authentication bypass in FacturaScripts: /login?action=two-factor-validation accepts brute-forceable TOTP without password or CSRF protection Summary Core/Controller/Login.php::twoFactorValidationAction accepts an unauthenticated POST containing only fsNick and fsTwoFactorCode. If the TOTP value...

9.3CVSS6.2AI score
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday7 views

FacturaScripts: Account takeover of any 2FA-enabled user

Authentication bypass in FacturaScripts: /login?action=two-factor-validation accepts brute-forceable TOTP without password or CSRF protection Summary Core/Controller/Login.php::twoFactorValidationAction accepts an unauthenticated POST containing only fsNick and fsTwoFactorCode. If the TOTP value...

6.2AI score
Exploits0References3Affected Software1
Rows per page
Query Builder