Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

CISA orders feds to patch actively exploited Drupal vulnerability

CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection ...
Morning Overview on MSN

An 18-year-old flaw in NGINX just gave attackers remote code execution on millions of web servers — nobody noticed for two decades

For roughly 18 years, a chunk of code inside one of the internet’s most popular web servers quietly carried a critical security flaw. Nobody caught it. Not the open-source contributors who maintained ...
GitHub

Filenames_or_Directories_All.wordlist

images css LC_MESSAGES js default.php index.php tmpl lang default Thumbs.db README templates langs editor_plugin.js config GNUmakefile themes en img view.html.php editor_plugin_src.js admin helper.php ...
GitHub

raft-medium-words-lowercase.txt

.php cgi-bin images admin includes search .html cache login modules templates plugins wp-admin themes js index xmlrpc wp-includes media wp-content css language tmp scripts register misc install ...