Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 PACKETSTORM:223805

📄 WordPress Contest Gallery 28.1.4 SQL Injection_PACKETSTORM:223805

WordPress Contest Gallery plugin version 28.1.4 unauthenticated blind SQL Injection exploit written in Python3...

N/A N/A PACKETSTORM
NONE F5663BA3-FD03-

NextJS-Middleware-Bypass-PoC_F5663BA3-FD03-5E91-BE24-0C0702FCE22F

MCID15795619: Next.js Middleware Bypass PoC Executive Summary This repository contains the technical details and Proof of Concept PoC for a High-Se...

N/A N/A GITHUBEXPLOIT
NONE 0CF22E77-69CF-

SQL-Injection_0CF22E77-69CF-5381-99B9-FA46DAC954C6

SQL-Injection This project, developed in VS Code using JavaScript Node.js, demonstrates the mechanics and remediation of SQL Injection SQLi. It fea...

N/A N/A GITHUBEXPLOIT
HIGH 8.4 CVE-2026-12390

Access of resource using incompatible type (‘type confusion’) in AzeoTech DAQFactory_CVE-2026-12390

In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files w...

AzeoTech DAQFactory CVE
MEDIUM 6.9 CVE-2026-56099

OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input_CVE-2026-56099

OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input...

openbsd src CVE
MEDIUM 5.8 CVE-2026-48983

pam_usb: TOCTOU race condition in pad directory creation allows symlink substitution_CVE-2026-48983

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in p...

mcdope pam_usb < 0.9.2 CVE
MEDIUM 5.8 CVE-2026-48982

pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race_CVE-2026-48982

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a...

mcdope pam_usb < 0.9.2 CVE
MEDIUM 6.7 CVE-2026-48981

pam_usb: xmlReadFile flags=0 permits XXE network entity fetching in conf.c_CVE-2026-48981

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pam_usb calls xmlReadFile() with fla...

mcdope pam_usb < 0.9.2 CVE
MEDIUM 6.3 CVE-2026-48980

pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic_CVE-2026-48980

pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv() environment variables XRDP_SESSION,...

mcdope pam_usb < 0.9.2 CVE
NONE THN:61A3E81EE06...

Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites_THN:61A3E81EE060D294ED20FB1D0B47CAB5

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1-D7cu6ZQpoZXfPa_eYHuQijjkt6mJRjmoIS9eSnCGPPgyXNz-AChti_zkCGmlefTdBm5bvbyxXbrJVbpVJ...

N/A N/A THN