28890 matches found
CVE-2026-49772
CVE-2026-49772 affects WordPress plugin The Events Calendar (Liquid Web / StellarWP) versions 6.15.12–6.16.2. The issue is an SQL Injection due to improper neutralization of special elements, enabling blind SQL injection. CVSS 3.1 base score 9.3 (CRITICAL) with AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L...
CVE-2026-49772 WordPress The Events Calendar plugin 6.15.12-6.16.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...
Mr-Robot-CTF-Automation-Scripts
No d...
MAL-2026-5844 Malicious code in numdifftools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c6d98d619244a4f34ba9c2ed85023e35f4064b0a45871edac806d1e8cdeff11 The npm package numdifftools is an empty shell zero-byte index.js that exists solely to fire a preinstall lifecycle hook. The hook runs node -e to...
USN-8431-1 ruby2.3, ruby2.5 vulnerabilities
It was discovered that Ruby's Net::IMAP library did not properly verify that Transport Layer Security TLS encryption was started after issuing a STARTTLS command. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and silently bypass TLS encryption...
CVE-2026-34022 Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment...
EUVD-2026-36705
The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can decrypt the data traffic. During reassessment...
Cyber-Arena
CyberArena - Cybersecurity Challenge Platform CyberArena is a...
Malicious code in ect-472839-ctf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a67248cb7373817da18e0edf4a019e2e6c9ded239e93a2e477ac168f7f45eeaa package.json declares a preinstall hook "preinstall": "node index.js" that auto-executes on npm install. index.js issues an HTTP GET to the hardcoded...
CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response
OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...
EUVD-2026-36466
OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...
CVE-2026-40677
The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...
CVE-2026-40677
The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...
CVE-2026-11846
creationtimestamp| type| source ---|---|--- 2026-06-12 00:57:00+00:00| seen| https://www.twcert.org.tw/en/cp-139-10970-e4b21-2.html 2026-06-12 11:00:22+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mo3ll2uhvd2u 2026-06-12 13:11:57+00:00| seen|...
SAP NetWeaver AS Java Apache Log4j Vulnerability (3726899)
The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a vulnerability in the Apache Log4j library as referenced in SAP Security Note 3726899: - The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...
CVE-2026-44494
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...
CVE-2026-44494 Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`
Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...
CVE-2026-53461
creationtimestamp| type| source ---|---|--- 2026-06-11 00:00:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnxwaarvuq2v 2026-06-11 01:46:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mny45o6kxl2d...
CVE-2026-10143
kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supplying an excessively large iteration count. In scram.py, ScramClient.processserverfirstmessage...
CVE-2026-45595
Protection mechanism failure in Windows Mark of the Web MOTW allows an unauthorized attacker to bypass a security feature over a network...