519752 matches found
CVE-2026-9734
The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the storeInfo function. This makes it possible for unauthenticated attackers to modify the plugin's...
CVE-2026-9734
The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the storeInfo function. This makes it possible for unauthenticated attackers to modify the plugin's...
CVE-2026-9734 W3SC Elementor to Zoho CRM <= 2.2.0 - Cross-Site Request Forgery to Settings Update
The W3SC Elementor to Zoho CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the storeInfo function. This makes it possible for unauthenticated attackers to modify the plugin's...
wp2shell
wp2shell Pre-authentication RCE exploit for WordPress Core RE...
Exploit for CVE-2026-60137
wp2shell-lab Educational PoC and lab for CVE-2026-63030 + C...
Exploit for CVE-2026-63030
wp2shell CVE-2026-63030 + CVE-2026-60137: Independent Root C...
wp2shell-poc
wp2shell-poc Independent proof-of-concept for the unauthentic...
Exploit for CVE-2026-63030
WordPress REST API Batch Route Confusion + SQL Injection → RCE...
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.
The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware
HIKRAVEN 🛡️ Advanced Hikvision Security Assessmen...
Exploit for CVE-2026-63030
wp2shell-poc Proof-of-concept for an unauthenticated SQL inje...
Exploit for OS Command Injection in Zoneminder
CVE-2023-26039 Description ZoneMinder is a free, open sou...
GHSA-R95Q-FP26-H3HC CloudTAK: Authenticated full-read SSRF in the /api/esri* routes — user-controlled URL fetched with no IP-classification guard
Authenticated full-read SSRF in CloudTAK /api/esri routes — user-controlled URL fetched with no IP-classification guard Summary Every route in the ESRI helper family api/routes/esri.ts takes a fully attacker-controlled URL from the request POST /api/esri body url, and the portal / server / layer...
CloudTAK: Authenticated full-read SSRF in the /api/esri* routes — user-controlled URL fetched with no IP-classification guard
Authenticated full-read SSRF in CloudTAK /api/esri routes — user-controlled URL fetched with no IP-classification guard Summary Every route in the ESRI helper family api/routes/esri.ts takes a fully attacker-controlled URL from the request POST /api/esri body url, and the portal / server / layer...
CVE-2026-56171
Exposure of private personal information to an unauthorized actor in Windows RDP allows an unauthorized attacker to disclose information over a network...
CVE-2026-55518
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and 4.0.0.beta.51, Avo's association attach workflow checks attach? in the UI and GET /resources/:resource/:id/:related/new path, but the actual write endpoint, POST /resources/:resource/:id/:related, does not run t...
CVE-2026-52348
cool-admin-java 8.0.0 has a SQL injection vulnerability in the order method of CrudOption.java...
CVE-2026-55518 Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and 4.0.0.beta.51, Avo's association attach workflow checks attach? in the UI and GET /resources/:resource/:id/:related/new path, but the actual write endpoint, POST /resources/:resource/:id/:related, does not run t...