16 matches found
CVE-2026-26792
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the setupgrade function via the modemurl, targetversion, currentversion, firmwareupload, hashtype, hashvalue, and upgradetype parameters. These vulnerabilities allow attackers to execute arbitrary...
PT-2026-25025
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the set upgrade function via the modem url, target version, current version, firmware upload, hash type, hash value, and upgrade type parameters. These vulnerabilities allow attackers to execute...
PT-2026-37041
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.30 through 2.4.66. Description: An issue exists in the mod_md module where resource allocation occurs without limits or throttling when processing OCSP response data. OCSP (Online Certificate Status Protocol) is a...
CVE-2026-27343 WordPress Airtifact theme <= 1.2.91 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion. This issue affects Airtifact: from n/a through <= 1.2.91...
Exploit for Type Confusion in Google Chrome
Chrome-CVE-2024-2887-RCE-Poc Overview - Vulnerability name: Google Chrome Type...
CVE-2025-62952 WordPress ChatBot plugin <= 7.7.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through <= 7.7.3...
CVE-2025-62172 Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name
Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard is vulnerable to stored cross-site scripting. An authenticated user can inject malicious JavaScript code into an energy entity's name fiel...
EUVD-2025-24742
Malicious code in bioql PyPI...
CVE-2025-54080
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An...
CVE-2025-58201 WordPress AfterShip Tracking Plugin <= 1.17.17 - Broken Access Control Vulnerability
Missing Authorization vulnerability in AfterShip & Automizely AfterShip Tracking aftership-woocommerce-tracking allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AfterShip Tracking: from n/a through <= 1.17.17...
CVE-2022-1001
The WP Downgrade WordPress plugin before 1.2.3 only performs client-side validation of its "WordPress Target Version" setting, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfiltered_html capability is...
WP Downgrade < 1.2.3 - Admin+ Stored Cross-Site Scripting
The plugin only performs client-side validation of its "WordPress Target Version" setting, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfiltered_html capability is disallowed. PoC: Access the settings of th...
PT-2020-13472 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 12.10.13 Description: An issue has been discovered in GitLab where it was vulnerable to a stored XSS in the Wiki pages. Recommendations: For versions prior to 12.10.13, update to version 12.10.13 or later to resolve t...
PVS target and server version compatibility
Q: Can a PVS environment be configured with a PVS target version higher than the PVS server version? A: No. The PVS target version should be the same as the PVS server version. Configuring a PVS environment with a PVS target version higher than the PVS server version may work; however, if there is an issu...
Cisco IOS Tiny Shellcode 1.0
Cisco IOS Tiny shellcode v1.0. Shellcode exploit for hardware platform. Cisco IOS Tiny shellcode v1.0 (c) 2007 IRM Plc By Gyan Chawdhary...
ASUS DPC Proxy 2.0.0.16/19 - Remote Buffer Overflow
Dreatica-FXP crew. Target: ASUS DPC Proxy 2.0.0.16/2.0.0.24. Exploit: ASUS DPC Proxy 2.0.0.16/2.0.0.19 Remote Buffer Overflow Exploit. Exploit date: 02.04.2008. Exploit writer: Heretic2. OS :...