324899 matches found
OSCPToolkit
OSCP Toolkit Setup This is a bash script oscp-toolkit-setup...
Exploit for Missing Authorization in Misp-Project Misp
CVE-2026-56423 — MISP deleteSelection Broken Access Control...
EUVD-2026-42759
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...
CVE-2026-54760
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...
CVE-2026-12595
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...
CVE-2026-54760
CVE-2026-54760: Langroid’s SQLChatAgent dangerous-function blocklist can be bypassed. Prior to version 0.65.1, the mitigation combines a raw-text regex (_DANGEROUS_SQL_PATTERNS) with a sqlglot-based SELECT-only allowlist. Attackers can defeat the regex using PostgreSQL forms such as quoted identi...
CVE-2026-54760 Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...
CVE-2026-12595 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email via Discord OAuth Callback
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...
CVE-2026-12595
CVE-2026-12595 concerns the LoginPress Pro WordPress plugin. It enables an unauthenticated attacker to bypass authentication via an unverified Discord email. The flaw resides in the loginpress_on_discord_login() OAuth callback handler, which accepts the email from Discord’s /users/@me response wi...
psd-tools vulnerable to arbitrary file write via smart-object filename
psd-tools: arbitrary file write/read via smart-object path traversal Summary In psd-tools all releases exposing the SmartObject API through v1.17.0, SmartObject.save writes an embedded smart object to a path taken verbatim from the PSD file. Because that name is attacker-controlled and unsanitise...
EUVD-2026-33938
mint has potential CRLF injection in its HTTP request line via unvalidated method/target...
mint has potential CRLF injection in its HTTP request line via unvalidated `method`/`target`
Summary Mint's HTTP/1 request encoder splices the caller-supplied method and target directly into the request line without character validation. An application that forwards attacker-controlled input as the HTTP method or the target to Mint.HTTP.request/5 is exposed to request-line CRLF injection...
CVE-2026-39243
decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...
CVE-2026-39245
decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...
Exploit for CVE-2026-12400
CVE-2026-12400 — FlowForms IDOR: Unauthorized Form Modificatio...
Sylius: IDOR on Shop Payment Request API endpoints
Impact The GET /api/v2/shop/payment-requests/hash and PUT /api/v2/shop/payment-requests/hash endpoints look up the payment request solely by the hash from the URL. No ownership check is performed against the authenticated customer or the underlying order. An attacker who obtains a payment request...
YesWiki Vulnerable to Authenticated PHP Object Injection in BazarImportAction via unserialize
Details Sink tools/bazar/services/CSVManager.php line 372-399: public function importEntryarray $importedEntries, string $formId: ?array if !$this-importdone // ... foreach $importedEntries as $entry $entry = unserializebase64decode$entry; // false argument; arbitrary classes are instantiated. Th...
YesWiki Vulnerable to Reflected XSS via Unescaped `id` Parameter in Bazar Widget HTML Attributes
Summary YesWiki's Bazar widget handler reflects the id GET parameter into HTML attributes using striptags only. Because striptags does not escape double quotes, an attacker can break out of the attribute value, inject an event handler such as onmouseover, and execute arbitrary JavaScript in the...
YesWiki Vulnerable to Reflected XSS via Unescaped Archived-Revision `time` Parameter in `handlers/page/show.php`
Summary YesWiki's archived-revision view reflects the time GET parameter into a hidden HTML input in handlers/page/show.php without escaping. Because MySQL coerces malformed DATETIME strings, an attacker can append HTML or JavaScript to a valid archived revision timestamp, still load that archive...
YesWiki has stored XSS in Bazar form-field templates via unescaped field.label / field.hint (|raw('html'))
Bazar form-field templates still apply |raw'html' to field.label / field.hint in attribute and label-body contexts — stored XSS in form renders sibling class of commit e6b66aa CWE: CWE-79 Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting" via CWE-116 Improper...