2099 matches found
📄 Jumbo Website Manager Shell Upload
Proof of concept exploit that demonstrates a remote shell upload vulnerability in Jumbo Website Manage version 1.3.7. Exploit Title: Jumbo Website Manager - Remote Code Execution Application: Jumbo Website Manager Version: v1.3.7 Bugs: RCE Technology: PHP Vendor URL:...
FreeBSD : Mozilla -- Incorrect boundary conditions (322bd409-33fb-11f1-8ac1-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 322bd409-33fb-11f1-8ac1-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2022554 reports: Incorrect boundary conditions in the...
[SECURITY] Fedora 42 Update: gstreamer1-plugins-bad-free-1.26.11-1.fc42
GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...
EUVD-2026-12887
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...
CVE-2026-23256 net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...
coruna
Coruna The leaked exploit toolkit for various iOS versions. E...
CVE-2026-1468 Cross-Site Request Forgery in QuickCMS
QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will automatically send a POST request with victim's privileges. This software does not implement any protection against this type of attack. Al...
CVE-2026-24352
PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...
CVE-2026-24352
PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...
CVE-2026-24352 Session Fixation in PluXml CMS
PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this...
CVE-2026-24351 Stored XSS in PluXml CMS
PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...
PT-2026-22332
PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...
Mozilla Thunderbird < 140.8
The version of Thunderbird installed on the remote Windows host is prior to 140.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-17 advisory. - Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and...
Splunk Enterprise 9.2.0 < 9.2.11, 9.3.0 < 9.3.9, 9.4.0 < 9.4.7, 10.0.0 < 10.0.2 (SVD-2026-0203)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0203 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.7, 9.3.9, and 9.2.11, a user of a Splunk Search Head Cluster SHC...
ISC BIND 9.11.3-S1 < 9.18.38-S1 / 9.18.11-S1 < 9.18.38-S1 / 9.20.9-S1 < 9.20.11-S1 Vulnerability (cve-2025-40776)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40776 advisory. - A named caching resolver that is configured to send ECS EDNS Client Subnet options may be vulnerable to a cache-poisoning...
CVE-2026-23797
In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...
CVE-2026-23797 Plaintext password display in Quick.Cart
In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...
CVE-2025-12386
Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...
CVE-2025-12387 Denial of Service in Pix-Link LV-WR21Q
A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service DoS by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes...
CVE-2025-12387 Denial of Service in Pix-Link LV-WR21Q
A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service DoS by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes...