Free Security Tools & CVE Database

Track CVE vulnerabilities, run security tools, and stay informed with expert cybersecurity guides.

🛡️ CVE Vulnerability Database (8,987+ CVEs tracked) Browse all →

🔴 Critical (831) 🟠 High (2,811) 🟡 Medium 🟢 Low 📅 2026

STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data, or authentication tokens. This issue was fixed in version 9.5.

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5.

A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. It allows an authenticated attacker to view sensitive data such as data belonging to other users, or any other data that the app...

CVE-2026-9011 7.5

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

CVE-2026-8692 4.3

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it po...

CVE-2026-8684 5.3

The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or de...

🏢 Browse CVEs by Vendor:

Google (134) Microsoft (115) Openclaw (110) Apache (89) Linux (81) Mozilla (80) Axiomthemes (58) Tenda (45)

🛠️ Security Tools View all →

Password Checker

Test your password strength

Password Generator

Generate secure passwords

Privacy Score Quiz

Rate your digital privacy habits

Phishing Detector

Analyze suspicious emails

Data Breach Info

What to do after a breach

Compare top VPN services

Encryption Strength

Evaluate algorithm security

Audit your WiFi settings

2FA support by service

Social Privacy Audit

Lock down your social accounts

📝 Latest Articles

Storm-2561 Is Disguising Trojans as VPN Clients — And Your Search Engine Is Helping Them Do It

VPN Reviews

Storm-2561 Is Disguising Trojans as VPN Clients — And Your Search Engine Is Helping Them Do It

Microsoft has disclosed a credential theft campaign by Storm-2561 that uses SEO poisoning to distribute trojanized VPN clients via fake websites and GitHub-hosted signed installers, stealing credentials with the Hyrax information stealer.

Mar 13, 2026 5 min read

I Poisoned a RAG Knowledge Base in Three Minutes — Here Is Why Every Company Using AI Should Be Terrified

Threat Analysis

I Poisoned a RAG Knowledge Base in Three Minutes — Here Is Why Every Company Using AI Should Be Terrified

A security researcher poisoned an AI knowledge base with three fake documents in under three minutes, making it report fabricated financial data with full confidence.

Mar 13, 2026 6 min read

One Billion Identity Records Just Got Exposed — Inside the Biggest ID Verification Leak in History

Threat Analysis

One Billion Identity Records Just Got Exposed — Inside the Biggest ID Verification Leak in History

An ID verification company left over one billion identity records exposed online. Driver licenses, passports, and biometric data — all sitting on an unprotected server. Here is what happened and what you need to do right now.

Mar 12, 2026 6 min read

AI Browsers Can Now Be Phished in Under Four Minutes — Here Is How Attackers Are Training Scams Against Your AI Assistant

Threat Analysis

AI Browsers Can Now Be Phished in Under Four Minutes — Here Is How Attackers Are Training Scams Against Your AI Assistant

Security researchers tricked Perplexity Comet AI browser into a phishing scam in under four minutes using a technique called Agentic Blabbering. Once trained, the attack works on every user of the same browser. Here is how it works and how to protect yourself.

Mar 12, 2026 5 min read

Microsoft Just Patched 77 Vulnerabilities — The SQL Server One Should Have You Running to Your Keyboard

Threat Analysis

Microsoft Just Patched 77 Vulnerabilities — The SQL Server One Should Have You Running to Your Keyboard

March 2026 Patch Tuesday brings 77 fixes including a critical SQL Server elevation of privilege bug that lets attackers go from low-level access to sysadmin over the network. Here is your triage framework.

Mar 11, 2026 6 min read

Your Security Logs Are Lying to You — How Multi-Vector Attacks Exploit the Gaps Between Your Dashboards

Threat Analysis

Your Security Logs Are Lying to You — How Multi-Vector Attacks Exploit the Gaps Between Your Dashboards

A DDoS attack hit my client. Everyone celebrated when it was mitigated. Nobody noticed the API exploit happening simultaneously on a different subdomain. Welcome to multi-vector attacks.

Mar 11, 2026 7 min read