Free Security Tools & CVE Database

Track CVE vulnerabilities, run security tools, and stay informed with expert cybersecurity guides.

CVE Vulnerability Database (8,987+ CVEs tracked)

Critical (831) | High (2,811) | Medium | Low | 2026
CVE-2026-25608
STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data, or authentication tokens. This issue was fixed in version 9.5.
CVE-2026-25607
Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5.
CVE-2026-25606
A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. It allows an authenticated attacker to view sensitive data such as data belonging to other users, or any other data that the app...
CVE-2026-9011 7.5
The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...
CVE-2026-8692 4.3
The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it po...
CVE-2026-8684 5.3
The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or de...
🏒 Browse CVEs by Vendor:
Google (134) Microsoft (115) Openclaw (110) Apache (89) Linux (81) Mozilla (80) Axiomthemes (58) Tenda (45)

Security Tools

Password Checker: Test your password strength
Password Generator: Generate secure passwords
Privacy Score Quiz: Rate your digital privacy habits
Phishing Detector: Analyze suspicious emails
Data Breach Info: What to do after a breach
VPN Comparison: Compare top VPN services
Encryption Strength: Evaluate algorithm security
WiFi Security: Audit your WiFi settings
2FA Guide: 2FA support by service
Social Privacy Audit: Lock down your social accounts

Latest Articles

Mini Shai-Hulud npm and PyPI Worm: How TeamPCP Hijacked TanStack, AntV, and OIDC Trusted Publishing in May 2026 (Developer Defense Guide)
Threat Analysis


In May 2026 the Mini Shai-Hulud worm compromised 84 @tanstack packages in 6 minutes and 300+ @antv-adjacent versions in 22 minutes by exploiting npm OIDC trusted publishing. Even maintainers with 2FA, short-lived tokens, and signed provenance got hit. Here is what actually broke, what I changed in my CI pipelines across seven aggregator sites, and a 9-step lockdown plan for your npm and PyPI workflow.

May 29, 2026