[webapps] Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
20 articles
On March 24th, 2026, we received a submission for an Unauthenticated Administrator Account Creation vulnerability in WP Maps Pro, a WordPress plugin with mor...
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arb...
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPres...
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver c...
India’s cybersecurity agency, CERT-In, has urged organizations to patch, mitigate, or isolate known exploited vulnerabilities affecting internet-facing “crow...
Malicious websites can now exploit subtle SSD timing signals in modern browsers to quietly track what users are doing on their devices, including which sites...
Overview: Rapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scor...
Successful exploitation of this vulnerability could result in an attacker gaining administrator access to the device. The following version...
ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vul...
Successful exploitation of this vulnerability could allow an attacker to read and write arbitrary handle values and change clinical reading...
Successful exploitation of this vulnerability allows an attacker's malicious script to execute in the browser of any authenticated user or ...
Successful exploitation of this vulnerability may grant full unauthorized access to camera feeds and settings. The following versions of KM...
The security flaw allowed attackers to pull private container images, exposing source code, credentials, and infrastructure. The post Gitea Vulnerability Exp...
Learn how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious paylo...
Roundcube Webmail users are being urged to update their systems immediately after the disclosure of multiple security vulnerabilities, including a critical p...
Threat actors are actively launching spoofing campaigns targeting FIFA-themed websites ahead of the 2026 FIFA World Cup, according to a Public Service Announ...
Fortinet customers are facing a new wave of attacks after a critical flaw in FortiClient Endpoint Management Server (EMS) was exploited to push a fake Fortin...
Tenable Research has developed a graph-based model linking 600+ threat groups to real-world customer exposures. It reveals which vulnerabilities sit at the i...
Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx. The post Vulnerability in Popular Conference S...