Live Feed Aggregator

βš”οΈ Exploit

Latest exploit updates from 5 cybersecurity sources. 15 articles curated daily. Stay informed with real-time exploit intelligence.


Latest Exploit Articles

Exploit-DB.com RSS Feed Jun 1, 2026

[webapps] Drupal Core 10.5.5 - Error-Based SQL Injection


Exploit-DB.com RSS Feed Jun 1, 2026

[webapps] WordPress OrderConvo 14 - Path Traversal


Vulnerabilities! - Zero Science Lab May 31, 2026

Lightweight Music Server (LMS) 3.76.0 (metadata) Stored XSS

LMS stores media file metadata tags (such as GENRE, ARTIST, and ALBUM) exactly as written in the file and later renders them in its web interface without HTML-encoding, resulting in stored cross-site scripting. An attacker who gets a file with a malicious tag into the victim's library has their payload saved during...

Exploit-DB.com RSS Feed May 30, 2026

[remote] Notepad++ 8.9.6 - Arbitrary Code Execution


Exploit-DB.com RSS Feed May 30, 2026

[webapps] YAMCS yamcs-core 5.12.7 - No Rate Limiting


Exploit-DB.com RSS Feed May 30, 2026

[webapps] YAMCS yamcs-core 5.12.7 - User Enumeration


Vulnerabilities! - Zero Science Lab Apr 12, 2026

Pachno 1.0.6 FileCache Deserialization Remote Code Execution

The application uses unserialize() function on the contents of cache files stored under {PACHNO_PATH}/cache/ during the framework bootstrap sequence, before any authentication, routing, or controller logic is executed. Cache files are created with world-writable permissions (chmod 0666) and use deterministic,...

Vulnerabilities! - Zero Science Lab Apr 12, 2026

Pachno 1.0.6 (runSwitchUser()) Remote Vertical Privilege Escalation

The authorization check in the runSwitchUser() action evaluates the expression !canSaveConfiguration() && !hasCookie('original_username') and only forbids the request when both subexpressions are true. The presence of the original_username cookie is sufficient to satisfy the second condition, and that cookie is...

Vulnerabilities! - Zero Science Lab Apr 12, 2026

Pachno 1.0.6 Wiki TextParser XXE Vulnerability

Input passed via wiki table syntax ({|..., |-..., |...||...) and allowed inline tags (, , , etc.) in issue descriptions, comments, and wiki articles is concatenated into XML strings and parsed by simplexml_load_string() in the TextParser helper without setting LIBXML_NONET or otherwise restricting entity...

Vulnerabilities! - Zero Science Lab Apr 12, 2026

Pachno 1.0.6 Cross-Site Request Forgery

CSRF protection in the application is opt-in via the @CsrfProtected annotation and the csrf_enabled route flag, both of which are absent from a large set of state-changing endpoints including login, registration, logout, file upload, milestone editing, group/role/team/client/user administration, and Livelink commit...

Vulnerability Magazine - Acknowledgements, Bug Bounties & Security Research Jul 3, 2023

Citrix Gateway & Cloud MFA - Insufficient Session Validation Vulnerability

Vulnerability Magazine - Acknowledgements, Bug Bounties & Security Research Oct 25, 2021

Bundeswehr Generalmajor officially acknowledges Whitehat for Responsible Disclosure Activities

Vulnerability Magazine - Acknowledgements, Bug Bounties & Security Research Oct 19, 2021

BMW Mail - Persistent Validation Vulnerability

Vulnerability Magazine - Acknowledgements, Bug Bounties & Security Research Jul 28, 2021

Google Upgrades VRP Bug Bounty Platform

Vulnerability Magazine - Acknowledgements, Bug Bounties & Security Research Apr 6, 2021

MSRC extends Bug Bounty Program for Microsoft Teams