Lucene search
K

7921 matches found

CNNVD
CNNVD
added 2026/02/22 12:0 a.m.8 views

D-Link DWR-M960 安全漏洞

The D-Link DWR-M960 is a router produced by D-Link Corporation. The D-Link DWR-M960 version 1.01.07 has a security vulnerability. This vulnerability stems from incorrect handling of parameters in the file /boafrm/formLteSetup, specifically the submit-url parameter. This could lead to a stack buff...

9CVSS7.7AI score0.00642EPSS
Exploits1References5
CVE
CVE
added 2026/02/21 8:32 p.m.17 views

CVE-2026-2885

The CVE affects D-Link DWR-M960 (version 1.01.07). The vulnerability is a stack-based buffer overflow in the function sub_469104 within /boafrm/formIpv6Setup, triggered by manipulating the submit-url argument. Exploitation can be performed remotely, and public exploits exist. CVSS data indicate h...

9CVSS6AI score0.00728EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/20 7:56 p.m.7 views

MAL-2026-977 Malicious code in airbnb-identity (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 40e5d276e9f30fb5f1071927366f0f13024da90b79fdfb1967cc5bd6d2330342 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8AI score
Exploits0References1
Metasploit
Metasploit
added 2026/02/20 6:55 p.m.350 views

Windows Registry Active Setup Persistence

This module will register a payload to run via the Active Setup mechanism in Windows. Active Setup is a Windows feature that runs once per user at login. It triggers in a user context, losing privileges from admin to user. Active Setup will open a popup box with "Personalized Settings" and the te...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/20 3:28 p.m.143 views

refinance-poc

Refi-Ready POC This project is a Proof-of-Concept for a serve...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.12 views

CVE-2025-14357

The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...

5.3CVSS5.6AI score0.0022EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/02/20 12:0 a.m.4 views

Windows Registry Active Setup Persistence

This Metasploit module will register a payload to run via the Active Setup mechanism in Windows. Active Setup is a Windows feature that runs once per user at login. It triggers in a user context, losing privileges from admin to user...

5.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/19 9:16 a.m.11 views

Malicious code in pylibcugraphops (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 30ada218a0e5e01ed572fbf9a1ef6b6887f57c21c0d568aa7de27ad97719898d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/02/19 9:16 a.m.5 views

MAL-2026-938 Malicious code in pylibcugraphops (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 30ada218a0e5e01ed572fbf9a1ef6b6887f57c21c0d568aa7de27ad97719898d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.8AI score
Exploits0References1
NVD
NVD
added 2026/02/19 7:17 a.m.6 views

CVE-2025-14357

The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...

5.3CVSS0.0022EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.4 views

CVE-2025-14357 Mega Store Woocommerce <= 5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation and Settings Change

The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...

5.3CVSS5.6AI score0.0022EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/02/19 12:28 a.m.3 views

SUSE CVE-2025-71230

In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb-sfsinfo is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocated by...

2.5CVSS5.7AI score0.00117EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.8 views

PT-2026-20616

The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup widgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wi...

5.3CVSS5.6AI score0.0022EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

WordPress plugin PostmarkApp Email Integrator 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.4CVSS5.8AI score0.00244EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/18 4:22 p.m.6 views

CVE-2025-71230

In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb-sfsinfo is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocated by...

5.5CVSS5.7AI score0.00117EPSS
Exploits0References3
OSV
OSV
added 2026/02/18 4:22 p.m.4 views

UBUNTU-CVE-2025-71230

In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb-sfsinfo is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocated by...

5.5CVSS5.7AI score0.00117EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/18 2:53 p.m.3 views

CVE-2025-71230

In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb-sfsinfo is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocated by...

5AI score0.00117EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/18 2:53 p.m.22 views

CVE-2025-71230 hfs: ensure sb->s_fs_info is always cleaned up

In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb-sfsinfo is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocated by...

0.00117EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/18 1:40 a.m.8 views

CVE-2026-26736

TOTOLINK A3002RUV3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the staticipv6 parameter in the formIpv6Setup function...

8.8CVSS6AI score0.00489EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2026/02/18 12:0 a.m.111 views

📄 ChurchCRM 6.8.0 Information Disclosure Tester

ChurchCRM versions 6.8.0 and earlier expose the installation setup endpoint without proper access restrictions. If the setup process remains accessible after deployment, it may allow unauthorized users to interact with configuration parameters. This misconfiguration increases the risk of...

5.5AI score
Exploits0
Rows per page
Query Builder