Lucene search
K

82162 matches found

Nuclei
Nuclei
added 15 hours ago51 views

WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting

WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.6AI score0.04448EPSS
Exploits2References5
EUVD
EUVD
added yesterday8 views

EUVD-2026-24981

rm: --preserve-root bypassed via a symlink to / string check instead of dev/inode...

7.7CVSS5.9AI score0.00184EPSS
Exploits0References5
OSV
OSV
added yesterday4 views

MAL-2026-6825 Malicious code in react-next-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a7b3360c09fca3400981d3d0d4c5e8a72c8193e0841c5d2eceb193a08fc440e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
OSV
OSV
added yesterday4 views

MAL-2026-6797 Malicious code in mongoose-lean-hooks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51f21ca8cb459221a26134e631f974e5a26cb292386a957c75da31b538119c61 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-59194

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0...

7.1CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-59194

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0...

7.1CVSS6AI score
Exploits0References2Affected Software1
CVE
CVE
added yesterday10 views

CVE-2026-59194

PnPM vulnerability CVE-2026-59194 affects the patch-remove feature. A crafted patch entry could resolve outside the configured patches directory, causing patch-remove to delete an arbitrary reachable file. The issue is fixed in pnpm versions 10.34.4 and 11.7.0. The connected documents do not prov...

7.1CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday26 views

CVE-2026-59194 pnpm: patch-remove could delete project-selected files outside the patches directory

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0...

7.1CVSS
Exploits0References1
NVD
NVD
added 3 days ago6 views

CVE-2026-14656

A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed...

5.3CVSS0.00443EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago27 views

CVE-2026-14656 code-projects Assessment Management remove-user.php cross site scripting

A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed...

5.3CVSS0.00443EPSS
Exploits0References6
CVE
CVE
added 3 days ago10 views

CVE-2026-14656

CVE-2026-14656 affects code-projects Assessment Management 1.0, with a vulnerability in an unspecified part of /admin/remove-user.php where manipulating the ID parameter enables cross-site scripting. The issue is exploitable remotely and the exploit has been publicly disclosed. CVSS metrics indic...

5.3CVSS4.2AI score0.00443EPSS
Exploits0References6
NVD
NVD
added 5 days ago6 views

CVE-2026-59100

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and...

5CVSS0.0018EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-59100

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and...

5CVSS5.9AI score0.0018EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-59100 LobeChat 2.2.9 - Broken Object Level Authorization via Chat-Group Agent Operations

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and...

5CVSS0.0018EPSS
Exploits0References4
NVD
NVD
added 6 days ago36 views

CVE-2026-58029

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiRemoveAuthenticationData.Php, includes/Specials/SpecialLinkAccounts.Php,...

5.3CVSS0.00543EPSS
Exploits0References1
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-53353

In the Linux kernel, the following vulnerability has been resolved: hsr: Remove WARNONCE in hsraddrisself. syzbot reported the warning 0 in hsraddrisself, whose assumption is simply wrong. hsr-selfnode is cleared in hsrdelselfnode, which is called from hsrdellink. Since dev-rtnllinkops-dellink is...

5.7AI score0.00156EPSS
Exploits0
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-53339

In the Linux kernel, the following vulnerability has been resolved: i2c: qcom-cci: Fix NULL pointer dereference in cciremove On all modern platforms Qualcomm CCI controller provides two I2C masters, and on particular boards only one I2C master may be initialized, and in such cases the device...

5.7AI score0.00164EPSS
Exploits0
NVD
NVD
added 6 days ago9 views

CVE-2026-6070

The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is...

9.1CVSS0.00409EPSS
Exploits0References5
CVE
CVE
added 6 days ago19 views

CVE-2026-6070

The WP-BusinessDirectory WordPress plugin (versions up to and including 4.0.1) is vulnerable to unauthenticated arbitrary file deletion via path traversal. The issue stems from insufficient path validation in the remove() method of JBusinessDirectoryControllerUpload. The task=upload.remove endpoi...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 2:10 p.m.6 views

Malicious code in ts-linting-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c719aef78218f6b59b9f209c41eff610782c86c2ced5aeabe288218ac3c4f880 On npm install, the package's postinstall script test.js invokes routines in index.js that recursively scan the current working directory and the...

6AI score
Exploits0References2
Rows per page
Query Builder