42286 matches found
cyber-pentools
🔥 Cyber Pentools — All-in-One Penetration Testing Toolkit 2...
CVE-2026-10725 Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb
Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...
CVE-2026-10725
Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per index...
CVE-2026-10725
CVE-2026-10725 affects Protocol::HTTP2 for Perl up to version 1.12. The vulnerability stems from the inbound HPACK path having no header-list size limit, allowing a small HTTP/2 request to expand into large server memory (the HTTP/2 bomb). The headers_decode method copies a full key+value per ind...
BIT-DJANGO-2026-7666 Potential unencrypted email transmission via STARTTLS in the SMTP backend
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...
CVE-2026-8450
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. sendfile opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, ' path' and ' path' open the path for write or append. Untruste...
CVE-2026-9016 Debug Log Manager <= 2.5.0 - Unauthenticated Improper Output Neutralization for Logs via log_js_errors AJAX Action
The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...
ROOT-OS-DEBIAN-13-CVE-2022-1247 CVE-2022-1247 in rootio-linux - Patched by Root
Root has patched CVE-2022-1247 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-13-CVE-2026-23069 CVE-2026-23069 in rootio-linux - Patched by Root
Root has patched CVE-2026-23069 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
ROOT-OS-DEBIAN-11-CVE-2022-21546 CVE-2022-21546 in rootio-linux - Patched by Root
Root has patched CVE-2022-21546 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...
iboss Secure Web Gateway - Stored Cross-Site Scripting
A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the...
Aquatronica Controller System <= 5.1.6 - Information Disclosure
Aquatronica Controller System firmware 5.1.6 and earlier and web interface 2.0 and earlier contain an information disclosure vulnerability caused by unauthenticated access to tcp.php endpoint, letting remote attackers retrieve sensitive configuration data including plaintext credentials, exploit...
LiquidFiles < 4.2 - User Enumeration via Password Reset
LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...
MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal
MPDV Mikrolab GmbH HYDRA X, MIP 2, and FEDRA 2 = Maintenance Pack 36 with Servicepack 8 week 36/2025 contain an unauthenticated local file disclosure vulnerability caused by improper validation of the "Filename" parameter in the public $SCHEMAS$ resource, letting attackers read arbitrary Windows ...
Arcserve Unified Data Protection - Authentication Bypass
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin. id: CVE-2024-0799 info: name: Arcserve Unified Data Protection -...
WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
WordPress Restrict User Access – Membership Plugin with Force versions before 2.6 is vulnerable to Reflected Cross-Site Scripting via the 'ruasection' parameter in the admin level edit page. id: CVE-2024-29138 info: name: WordPress Restrict User Access = 2.5 - Cross-Site Scripting author: Shivam...
XWiki Platform - Cross-Site Scripting
XWiki Platform versions = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and 17.3.0-rc-1 are vulnerable to reflected XSS in two templates. The vulnerability allows an attacker to execute malicious JavaScript code in the context of the...
Giga Messenger WordPress - Cross-Site Scripting
Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...
CVE-2026-6242
creationtimestamp| type| source ---|---|--- 2026-06-06 01:13:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnlhytj5ru2d...
CVE-2026-9290
creationtimestamp| type| source ---|---|--- 2026-06-06 01:00:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mnlha7sokz2g 2026-06-06 01:23:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnlikqk23d2r 2026-06-06 06:00:11+00:00| seen|...