CVE-2026-6048

The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL customattributes field in all versions up to, and including, 2.1.1 due to insufficient validation of custom attribute names. Specifically, the plugin uses eschtml ...

WordPress plugin Content Blocks (Custom Post Widget) 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-34743

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description An issue exists in the run method of the Airtable Agents class due to insufficient sandboxing when evaluating Python scripts generated by a Large Language Model LLM. An unauthenticated attacker can u...

WordPress plugin Hostel 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress plugin Flipbox Addon for Elementor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2026-40321

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...

OpenClaw: busybox and toybox applet execution weakened exec approval binding

Summary busybox and toybox applet execution weakened exec approval binding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.23 = 2026.4.12 Impact Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavio...

GHSA-2CQ5-MF3V-MX44 OpenClaw: busybox and toybox applet execution weakened exec approval binding

Summary busybox and toybox applet execution weakened exec approval binding. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.23 = 2026.4.12 Impact Opaque multi-call binaries such as busybox and toybox could obscure which applet or script-like behavio...

EUVD-2026-23494

Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution...

CVE-2026-40282

WeGIA web manager (used by charitable institutions) contains a Stored XSS vulnerability in versions prior to 3.6.10, exploitable by an authenticated user on the Intercorrências notification page. The attack injects JavaScript that runs when the page is accessed, enabling session hijacking and pot...

Exploit for CVE-2007-2447

Samba-CVE-2007-244...

Exploit for CVE-2007-2447

Samba CVE-2007-2447 Exploit Username Map Script Este reposi...

BadSuccessor-PoC

🛡️ Advanced BadSuccessor CVE-2025-53779 – Weaponized PoC & D...

CVE-2026-6496

A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argument file results in path traversal. The attack may be performed from remote. The exploit has been...

Malicious code in shan-lib (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f30fc6910fe03c53a74048a95f90fcd38db1b5317f3a3401ceb1bb9ea24fc704 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2026-6490 QueryMine sms GET Request Parameter deletecourse.php sql injection

A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated...

CVE-2026-28263

CVE-2026-28263 affects Dell PowerProtect Data Domain running DD OS Feature Release 7.7.1.0–8.5, LTS2025 8.3.1.0–8.3.1.20, and LTS2024 7.13.1.0–7.13.1.50. It describes a cross-site scripting vulnerability that could be exploited by a high-privilege attacker with remote access, leading to script in...

Malicious code in shan-lib-poc (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f6c2f4a0560b1811eba11c9fd304f7441ab7e04f4e569e01bdfe06aba6722edb Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2026-6483

CVE-2026-6483 affects Wavlink WL-WN530H4 (firmware 20220721). The flaw is in the strcat/snprintf usage in /cgi-bin/internet.cgi, enabling remote, unauthenticated command injection with high impact (confidentiality, integrity, availability). Exploitation is feasible over the network; public exploi...

Malicious code in keystackutilities (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4b76e011fdc2ff62186e932ab958f9daf671bcc8e727dcaed74441489b229468 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...