Lucene search
+L

519752 matches found

NVD
NVD
added 12 minutes ago1 views

CVE-2026-9734

The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the storeInfo function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS
Exploits0References4
CVE
CVE
added 57 minutes ago2 views

CVE-2026-9734

The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the storeInfo function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS5.2AI score
Exploits0References4
Cvelist
Cvelist
added 57 minutes ago3 views

CVE-2026-9734 W3SC Elementor to Zoho CRM <= 2.2.0 - Cross-Site Request Forgery to Settings Update

The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the storeInfo function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS
Exploits0References4
GithubExploit
GithubExploit
added 1 hour ago2 views

wp2shell

wp2shell Pre-authentication RCE exploit for WordPress Core RE...

9.8CVSS5.9AI score
Exploits8
GithubExploit
GithubExploit
added 2 hours ago7 views

Exploit for CVE-2026-60137

wp2shell-lab Educational PoC and lab for CVE-2026-63030 + C...

9.1CVSS6AI score
Exploits8
GithubExploit
GithubExploit
added 2 hours ago8 views

Exploit for CVE-2026-63030

wp2shell CVE-2026-63030 + CVE-2026-60137: Independent Root C...

9.1CVSS6AI score
Exploits8
GithubExploit
GithubExploit
added 2 hours ago1 views

wp2shell-poc

wp2shell-poc Independent proof-of-concept for the unauthentic...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 4 hours ago12 views

Exploit for CVE-2026-63030

WordPress REST API Batch Route Confusion + SQL Injection → RCE...

9.1CVSS6.2AI score
Exploits8
BDU FSTEC
BDU FSTEC
added yesterday15 views

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.

The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...

9.1CVSS6.1AI score0.00648EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added yesterday18 views

The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.

The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

9CVSS6.1AI score0.02603EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added yesterday17 views

The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.

The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...

7.5CVSS6AI score0.06702EPSS
Exploits8References3Affected Software1
GithubExploit
GithubExploit
added yesterday14 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware

HIKRAVEN 🛡️ Advanced Hikvision Security Assessmen...

9.8CVSS9.1AI score0.99869EPSS
Exploits25
GithubExploit
GithubExploit
added yesterday11 views

Exploit for CVE-2026-63030

wp2shell-poc Proof-of-concept for an unauthenticated SQL inje...

7.5CVSS6.9AI score
Exploits8
GithubExploit
GithubExploit
added yesterday15 views

Exploit for OS Command Injection in Zoneminder

CVE-2023-26039 Description ZoneMinder is a free, open sou...

8.8CVSS8.2AI score0.01246EPSS
Exploits1
OSV
OSV
added yesterday8 views

GHSA-R95Q-FP26-H3HC CloudTAK: Authenticated full-read SSRF in the /api/esri* routes — user-controlled URL fetched with no IP-classification guard

Authenticated full-read SSRF in CloudTAK /api/esri routes — user-controlled URL fetched with no IP-classification guard Summary Every route in the ESRI helper family api/routes/esri.ts takes a fully attacker-controlled URL from the request POST /api/esri body url, and the portal / server / layer...

7.6CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday8 views

CloudTAK: Authenticated full-read SSRF in the /api/esri* routes — user-controlled URL fetched with no IP-classification guard

Authenticated full-read SSRF in CloudTAK /api/esri routes — user-controlled URL fetched with no IP-classification guard Summary Every route in the ESRI helper family api/routes/esri.ts takes a fully attacker-controlled URL from the request POST /api/esri body url, and the portal / server / layer...

5.8AI score
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-56171

Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network...

7.1CVSS5.2AI score
Exploits0References2Affected Software2
NVD
NVD
added yesterday7 views

CVE-2026-55518

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and 4.0.0.beta.51, Avo's association attach workflow checks attach? in the UI and GET /resources/:resource/:id/:related/new path, but the actual write endpoint, POST /resources/:resource/:id/:related, does not run t...

9.6CVSS
Exploits0References4
NVD
NVD
added yesterday7 views

CVE-2026-52348

cool-admin-java 8.0.0 has a SQL injection vulnerability in the order method of CrudOption.java...

Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-55518 Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and 4.0.0.beta.51, Avo's association attach workflow checks attach? in the UI and GET /resources/:resource/:id/:related/new path, but the actual write endpoint, POST /resources/:resource/:id/:related, does not run t...

9.6CVSS
Exploits0References4
Rows per page
Query Builder