Tag
9routers Database Exposure and Takeover via Insecure API
1 rule 6 TTPs 1 IOCA critical vulnerability (CVE-2026-55500) in 9routers versions <= 0.4.71 allows authenticated attackers with a valid JWT token to export the complete database containing plaintext credentials and secrets, and to import a modified database, leading to full system takeover and credential theft.
Gitea: Multiple Vulnerabilities Leading to XSS, Info Disclosure, and File Manipulation
4 TTPsAn attacker can exploit multiple unpatched vulnerabilities in Gitea to bypass security measures, disclose sensitive information, perform Cross-Site Scripting (XSS) attacks, and manipulate files, posing a high risk to self-hosted Git instances.
CVE-2026-14747: SQL Injection in code-projects Real State Services 1.0
1 rule 1 TTP 1 CVEA high-severity SQL Injection vulnerability, CVE-2026-14747, exists in the /addprojectsale.php file of code-projects Real State Services 1.0, allowing remote unauthenticated attackers to manipulate the 'amen' argument for arbitrary SQL query execution, leading to data compromise or unauthorized access.
CVE-2026-14744: Remote SQL Injection in code-projects Real State Services 1.0
1 rule 4 TTPs 1 CVE 6 IOCsA critical SQL injection vulnerability (CVE-2026-14744) has been found in code-projects Real State Services version 1.0. The flaw resides in an unknown function within the /normalHomeRent.php file, where manipulating the 'loc' argument allows for remote SQL injection, and a public exploit has been released, posing an immediate threat to affected systems.
CVE-2026-14737: Hanwang e-Face General Management Platform SQL Injection
1 rule 1 TTP 1 CVEA remote SQL injection vulnerability (CVE-2026-14737) affects Hanwang e-Face General Management Platform version 6.3.5.4, specifically within the `/sysAuthStr/querySysAuthStr.do` file, triggered by manipulating argument order, allowing remote attackers to potentially gain unauthorized access to or modify database contents with a publicly available exploit.
Web Server Cloud Metadata SSRF Exploitation
1 rule 2 TTPs 7 IOCsAttackers are actively exploiting Server-Side Request Forgery (SSRF) vulnerabilities in public-facing web applications to access cloud instance metadata services, such as those on AWS, GCP, and Azure, to harvest temporary credentials and sensitive instance details.
Steeltoe Host Header Bypass Vulnerability (CVE-2026-50194)
1 rule 2 TTPs 1 CVEAn unauthenticated remote attacker can bypass port isolation in Steeltoe applications configured with `Management:Endpoints:Port` by spoofing the Host HTTP header, allowing access to all actuator endpoints (CVE-2026-50194).