OpenClaw < 2026.3.28 Discord Text Approval Authorization Bypass CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 22 April 2026 at 23:53 Topic: OpenClaw
FortiWeb 8.0.2 Remote Code Execution CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 14 April 2026 at 21:06 Topic: FortiWeb 8.0.2 Remote Code Execution Risk: High Text:# Exploit Title: FortiWeb 8.0.2 - Remote Code Execution # Date: 2025-11-22 # Author: Mohammed Idrees Banyamer # Author Coun...
astrojs/vercel < = 10.0.0 - Unauthenticated x-astro-path Header Path Override CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 3 April 2026 at 22:23 Topic: astrojs/vercel
Wavlink WL-WN579X3-C firewall.cgi UPNP Stack-based Buffer Overflow CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 31 March 2026 at 21:38 Topic: Wavlink WL-WN579X3-C firewall.cgi UPNP Stack-based Buffer Overflow Risk: Medium Text:# Exploit Title: Wavlink WL-WN579X3-C firewall.cgi UPNP Stack-based Buffer Overflow # CVE: CVE-2026-5004 # Date: 2026-03-29 ...
SiYuan < = v3.6.1 Note unauthenticated arbitrary file read (path traversal) CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 26 March 2026 at 09:55 Topic: SiYuan
Tenda AC21 V1.0 V16.03.08.16 - Stack Buffer Overflow in SetNetControlList CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 26 March 2026 at 09:54 Topic: Tenda AC21 V1.0 V16.03.08.16 - Stack Buffer Overflow in SetNetControlList Risk: High Text:#!/usr/bin/env python3 # Exploit Title: Tenda AC21 - Stack Buffer Overflow in SetNetControlList # CVE: CVE-2026-4565 # Date:...
WWBN AVideo < = 26.0 - Authenticated SQL Injection CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 26 March 2026 at 09:54 Topic: WWBN AVideo
Discourse < = 2026.2.1 Authenticated Missing Authorization CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 21 March 2026 at 23:01 Topic: Discourse
Kanboard < = 1.2.50 Authenticated SQL Injection CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 18 March 2026 at 22:17 Topic: Kanboard
Glances < = 4.5.2 OS Command Injection via Mustache Template Fields CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 18 March 2026 at 22:17 Topic: Glances
LB-LINK BL-WR9000 V2.4.9 - Stack-based Buffer Overflow in /goform/get_hidessid_cfg CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 17 March 2026 at 23:04 Topic: LB-LINK BL-WR9000 V2.4.9 - Stack-based Buffer Overflow in /goform/get_hidessid_cfg Risk: High Text:#!/usr/bin/env python3 # Exploit Title: LB-LINK BL-WR9000 HideSSID Stack Overflow # CVE: CVE-2026-42...
LB-LINK BL-WR9000 V2.4.9 - Unauthenticated / Post-Auth Stack-based Buffer Overflow CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 17 March 2026 at 23:04 Topic: LB-LINK BL-WR9000 V2.4.9 - Unauthenticated / Post-Auth Stack-based Buffer Overflow Risk: High Text:#!/usr/bin/env python3 # Exploit Title: LB-LINK BL-WR9000 - Stack-based Buffer Overflow in /goform/get_virtual_cfg # C...
zumba/json-serializer zumba/json-serializer < 3.2.3 RCE CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 15 March 2026 at 17:26 Topic: zumba/json-serializer zumba/json-serializer
Wekan 8.31.0 - 8.33Meteor DDP notificationUsers Sensitive Data Leak CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 15 March 2026 at 17:25 Topic: Wekan 8.31.0 - 8.33Meteor DDP notificationUsers Sensitive Data Leak Risk: Medium Text:#!/usr/bin/env python3 # Exploit Title: Wekan 8.31.0 - 8.33Meteor DDP notificationUsers Sensitive Data Leak # CVE: ...
Frappe Framework < 14.99.0 and < 15.84.0 Unauthenticated SQL Injection CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 14 March 2026 at 23:34 Topic: Frappe Framework
PyJWT < 2.12.0 crit header bypass / Insufficient crit validation CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 14 March 2026 at 23:33 Topic: PyJWT
WeGIA < = 3.6.4 Unauthenticated Admin Authentication Bypass CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 8 March 2026 at 16:39 Topic: WeGIA
NocoDB < = 0.301.2 User Enumeration via Password Reset Endpoint CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 8 March 2026 at 16:39 Topic: NocoDB
Craft CMS 4.x & 5.x RCE via Blocklist Bypass CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 8 March 2026 at 16:38 Topic: Craft CMS 4.x & 5.x RCE via Blocklist Bypass Risk: Medium Text:#!/usr/bin/env python3 # Exploit Title: Craft CMS 4.x & 5.x RCE via Blocklist Bypass # CVE: CVE-2026-28783 # Date: 2025-11-...
pac4j-jwt < 4.5.9, < 5.7.9, < 6.3.3 JwtAuthenticator Authentication Bypass via JWE-wrapped PlainJWT CXSECURITY Database RSS Feed - CXSecurity.com By: Mohammed Idrees Banyamer 8 March 2026 at 16:38 Topic: pac4j-jwt