wined

Windows Exploitation wined Tools The following scripts were...

Premium Addons for Elementor - Unauthenticated Information Disclosure

Premium Addons for Elementor plugin for WordPress version 4.11.53 and below contains an unauthenticated information disclosure vulnerability.The vulnerability exists due to a missing authorization check in the gettemplatecontent AJAX handler, allowing unauthenticated attackers to retrieve private...

XWiki Platform - Cross-Site Scripting

XWiki Platform versions = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and 17.3.0-rc-1 are vulnerable to reflected XSS in two templates. The vulnerability allows an attacker to execute malicious JavaScript code in the context of the...

Sensei LMS < 4.24.2 - Email Template Leak

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. id: CVE-2024-7786 info: name: Sensei LMS 4.24.2 - Email Template Leak author: s4e-io severity: high description: | The Sensei LMS WordPress...

PYSEC-2026-172

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

EUVD-2026-33590

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

CVE-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

Exploit-Databases

💥 Exploits Database & PoC Resources Koleksi exploit databas...

Linux Distros Unpatched Vulnerability : CVE-2026-44836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives ...

CVE-2026-49368

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...

CVE-2026-49368

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...

CVE-2026-49368

CVE-2026-49368 affects JetBrains YouTrack prior to version 2026.1.13162. The issue is a stored XSS in project notification templates. According to the entry, the vulnerability can be triggered remotely (attack vector: NETWORK) with low privileges required and user interaction needed, leading to h...

CVE-2026-49368

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...

EUVD-2026-33416

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...

CVE-2026-49368

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...

CVE-2026-46376 FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface

FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...

CVE-2026-46376

FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...

EUVD-2026-33295

FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...

CVE-2026-9558

A Server-Side Template Injection SSTI vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code on the...