Lucene search
K

324899 matches found

GithubExploit
GithubExploit
added 1 hour ago4 views

OSCPToolkit

OSCP Toolkit Setup This is a bash script oscp-toolkit-setup...

7.8CVSS7.3AI score0.96267EPSS
Exploits229
GithubExploit
GithubExploit
added 1 hour ago5 views

Exploit for Missing Authorization in Misp-Project Misp

CVE-2026-56423 — MISP deleteSelection Broken Access Control...

9.4CVSS6AI score0.00261EPSS
Exploits1
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42759

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...

8.1CVSS5.9AI score
Exploits0References3
NVD
NVD
added 2 hours ago4 views

CVE-2026-54760

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...

9.3CVSS
Exploits0References1
NVD
NVD
added 2 hours ago2 views

CVE-2026-12595

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...

8.1CVSS
Exploits0References2
CVE
CVE
added yesterday15 views

CVE-2026-54760

CVE-2026-54760: Langroid’s SQLChatAgent dangerous-function blocklist can be bypassed. Prior to version 0.65.1, the mitigation combines a raw-text regex (_DANGEROUS_SQL_PATTERNS) with a sqlglot-based SELECT-only allowlist. Attackers can defeat the regex using PostgreSQL forms such as quoted identi...

9.3CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday6 views

CVE-2026-54760 Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...

9.3CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday3 views

CVE-2026-12595 LoginPress Pro <= 6.2.3 - Unauthenticated Authentication Bypass via Unverified OAuth Email via Discord OAuth Callback

The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpressondiscordlogin Discord OAuth callback handler, which accepts the email field returned by Discord's...

8.1CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-12595

CVE-2026-12595 concerns the LoginPress Pro WordPress plugin. It enables an unauthenticated attacker to bypass authentication via an unverified Discord email. The flaw resides in the loginpress_on_discord_login() OAuth callback handler, which accepts the email from Discord’s /users/@me response wi...

8.1CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added yesterday2 views

psd-tools vulnerable to arbitrary file write via smart-object filename

psd-tools: arbitrary file write/read via smart-object path traversal Summary In psd-tools all releases exposing the SmartObject API through v1.17.0, SmartObject.save writes an embedded smart object to a path taken verbatim from the PSD file. Because that name is attacker-controlled and unsanitise...

6.6AI score
Exploits0References4Affected Software1
EUVD
EUVD
added yesterday12 views

EUVD-2026-33938

mint has potential CRLF injection in its HTTP request line via unvalidated method/target...

2.1CVSS5.9AI score0.00166EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added yesterday2 views

mint has potential CRLF injection in its HTTP request line via unvalidated `method`/`target`

Summary Mint's HTTP/1 request encoder splices the caller-supplied method and target directly into the request line without character validation. An application that forwards attacker-controlled input as the HTTP method or the target to Mint.HTTP.request/5 is exposed to request-line CRLF injection...

2.1CVSS6AI score0.00166EPSS
Exploits0References6Affected Software1
NVD
NVD
added yesterday3 views

CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-39245

decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...

Exploits0References4
GithubExploit
GithubExploit
added yesterday10 views

Exploit for CVE-2026-12400

CVE-2026-12400 — FlowForms IDOR: Unauthorized Form Modificatio...

6AI score
Exploits0
Github Security Blog
Github Security Blog
added yesterday4 views

Sylius: IDOR on Shop Payment Request API endpoints

Impact The GET /api/v2/shop/payment-requests/hash and PUT /api/v2/shop/payment-requests/hash endpoints look up the payment request solely by the hash from the URL. No ownership check is performed against the authenticated customer or the underlying order. An attacker who obtains a payment request...

6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added yesterday3 views

YesWiki Vulnerable to Authenticated PHP Object Injection in BazarImportAction via unserialize

Details Sink tools/bazar/services/CSVManager.php line 372-399: public function importEntryarray $importedEntries, string $formId: ?array if !$this-importdone // ... foreach $importedEntries as $entry $entry = unserializebase64decode$entry; // false argument; arbitrary classes are instantiated. Th...

6.7AI score0.00379EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday2 views

YesWiki Vulnerable to Reflected XSS via Unescaped `id` Parameter in Bazar Widget HTML Attributes

Summary YesWiki's Bazar widget handler reflects the id GET parameter into HTML attributes using striptags only. Because striptags does not escape double quotes, an attacker can break out of the attribute value, inject an event handler such as onmouseover, and execute arbitrary JavaScript in the...

6AI score0.00039EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday2 views

YesWiki Vulnerable to Reflected XSS via Unescaped Archived-Revision `time` Parameter in `handlers/page/show.php`

Summary YesWiki's archived-revision view reflects the time GET parameter into a hidden HTML input in handlers/page/show.php without escaping. Because MySQL coerces malformed DATETIME strings, an attacker can append HTML or JavaScript to a valid archived revision timestamp, still load that archive...

6.2AI score0.00031EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added yesterday3 views

YesWiki has stored XSS in Bazar form-field templates via unescaped field.label / field.hint (|raw('html'))

Bazar form-field templates still apply |raw'html' to field.label / field.hint in attribute and label-body contexts — stored XSS in form renders sibling class of commit e6b66aa CWE: CWE-79 Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting" via CWE-116 Improper...

6.2AI score0.00034EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder