Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcemen...
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.m...
A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory)...
Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can res...
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2...
kernel-research — Framework CVE overflow For educational use only. Structure kernel-research/ ├── framework/ │ ├── Dockerfile.base ← Docker image ...
🧨 PHPSpreadsheet Phar Deserialization Exploit Bypass prohibitWrappers + Remote Code Execution RCE on phpoffice/phpspreadsheet This repository prov...
🧨 CVE-2026-7458 – PickPlugins User Verification OTP Bypass Unauthenticated Authentication Bypass via Loose Comparison in OTP Verification REST API...
🧨 CVE-2025-6440 – WooCommerce Designer Pro Unrestricted File Upload Unauthenticated Arbitrary File Upload via wcdpsavecanvasdesignajax WooCommerce...
🧨 CVE-2026-23550 – Modular Connector Admin Bypass Unauthenticated WordPress Admin Login via origin=mo Parameter Modular Connector Plugin ≤ 2.5.1 -...