435190 matches found
CVE-2026-14495
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...
CVE-2026-14495
CVE-2026-14495 affects DoLogin Security for WordPress up to version 4.3. The issue is an authentication bypass caused by insufficient randomness in the dologin token: the PRNG is seeded with mt_srand((double) microtime() * 1000000), discarding the integer-seconds and giving ~10^6 seeds (~20 bits ...
CVE-2026-14495 DoLogin Security <= 4.3 - Unauthenticated Authentication Bypass via Insufficient Randomness via 'dologin' Parameter Weak PRNG Token
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...
EUVD-2026-42167
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologin\s::rrand seeds the Mersenne Twister with mtsranddouble microtime 1000000 — discarding the integer-second...
CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 CVSS score: 10.0 - A path traversal vulnerability i...
nmap-enumeration-lab
Network Scanning & Host Enumeration with Nmap Host discovery,...
[SECURITY] Fedora 43 Update: perl-IO-Compress-2.221-1.fc43
This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...
Exploit for CVE-2026-49777
!AMN SECURITYhttps://img.shields.io/badge/AMN-SECURITY-000000...
Exploit for CVE-2026-8206
🛡️ AMN SECURITY 🛡️ !CVE-2026-8206https://img.shields.io/ba...
Medium: qt5-qt3d
Issue Overview: A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possib...
Medium: opensc
Issue Overview: A flaw has been found in OpenSC up to 0.26.1. This affects the function testkpgencertwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The...
PT-2026-56322
The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because dologins::rrand seeds the Mersenne Twister with mt sranddouble microtime 1000000 — discarding the integer-second...
Exploit for Command Injection in Litellm
─── CVE-2026-42271 ─── 🛡️ AMN SECURITY 🛡️ مركز أ...
Exploit for Deserialization of Untrusted Data in Microsoft
─── CVE-2026-45659 ─── 🏴 AMN SECURITY 🏴 مركز أب...
Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller
─── CVE-2026-8451 ─── 🏴 AMN SECURITY 🏴 مركز أبح...
Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise
Click here to jump to the Simplified Chinese version 点击跳转到简体中文版本 Goploy System Arbitrary File Read Vulnerability Basic Information - Vulnerability Name: Goploy Endpoints Arbitrary File Read via Path Traversal - Vulnerability Type: Path Traversal CWE-22 / Arbitrary File Read - Affected Product:...
GHSA-4G5X-HCWM-82JW Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise
Click here to jump to the Simplified Chinese version 点击跳转到简体中文版本 Goploy System Arbitrary File Read Vulnerability Basic Information - Vulnerability Name: Goploy Endpoints Arbitrary File Read via Path Traversal - Vulnerability Type: Path Traversal CWE-22 / Arbitrary File Read - Affected Product:...
GHSA-CWV4-H3J5-W3CF rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path
Resolved: https://github.com/plabayo/rama/commit/89ddff578fd78bbebec99482d7030f28c07757a3 Summary plabayo/rama contains a stored/reflected cross-site scripting issue in the ServeDir HTML directory listing feature. When ServeDir is configured with DirectoryServeMode::HtmlFileList, file names and U...
rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path
Resolved: https://github.com/plabayo/rama/commit/89ddff578fd78bbebec99482d7030f28c07757a3 Summary plabayo/rama contains a stored/reflected cross-site scripting issue in the ServeDir HTML directory listing feature. When ServeDir is configured with DirectoryServeMode::HtmlFileList, file names and U...
CVE-2026-55078
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, POST /api/v2/files converts zip uploads to tar in memory via CreateTarFromZip, which enforced a per-entry size limit but no...