7921 matches found
D-Link DWR-M960 安全漏洞
The D-Link DWR-M960 is a router produced by D-Link Corporation. The D-Link DWR-M960 version 1.01.07 has a security vulnerability. This vulnerability stems from incorrect handling of parameters in the file /boafrm/formLteSetup, specifically the submit-url parameter. This could lead to a stack buff...
CVE-2026-2885
The CVE affects D-Link DWR-M960 (version 1.01.07). The vulnerability is a stack-based buffer overflow in the function sub_469104 within /boafrm/formIpv6Setup, triggered by manipulating the submit-url argument. Exploitation can be performed remotely, and public exploits exist. CVSS data indicate h...
MAL-2026-977 Malicious code in airbnb-identity (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 40e5d276e9f30fb5f1071927366f0f13024da90b79fdfb1967cc5bd6d2330342 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Windows Registry Active Setup Persistence
This module will register a payload to run via the Active Setup mechanism in Windows. Active Setup is a Windows feature that runs once per user at login. It triggers in a user context, losing privileges from admin to user. Active Setup will open a popup box with "Personalized Settings" and the te...
refinance-poc
Refi-Ready POC This project is a Proof-of-Concept for a serve...
CVE-2025-14357
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...
Windows Registry Active Setup Persistence
This Metasploit module will register a payload to run via the Active Setup mechanism in Windows. Active Setup is a Windows feature that runs once per user at login. It triggers in a user context, losing privileges from admin to user...
Malicious code in pylibcugraphops (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 30ada218a0e5e01ed572fbf9a1ef6b6887f57c21c0d568aa7de27ad97719898d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-938 Malicious code in pylibcugraphops (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 30ada218a0e5e01ed572fbf9a1ef6b6887f57c21c0d568aa7de27ad97719898d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
CVE-2025-14357
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...
CVE-2025-14357 Mega Store Woocommerce <= 5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation and Settings Change
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...
SUSE CVE-2025-71230
In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb-sfsinfo is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocated by...
PT-2026-20616
The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup widgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wi...
WordPress plugin PostmarkApp Email Integrator 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2025-71230
In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb-sfsinfo is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocated by...
UBUNTU-CVE-2025-71230
In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb-sfsinfo is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocated by...
CVE-2025-71230
In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb-sfsinfo is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocated by...
CVE-2025-71230 hfs: ensure sb->s_fs_info is always cleaned up
In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb-sfsinfo is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocated by...
CVE-2026-26736
TOTOLINK A3002RUV3 V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the staticipv6 parameter in the formIpv6Setup function...
📄 ChurchCRM 6.8.0 Information Disclosure Tester
ChurchCRM versions 6.8.0 and earlier expose the installation setup endpoint without proper access restrictions. If the setup process remains accessible after deployment, it may allow unauthorized users to interact with configuration parameters. This misconfiguration increases the risk of...