Lucene search
+L

247 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.3 views

CVE-2026-33347

league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/25 8:8 p.m.5 views

@0dotxyz/p0-ts-sdk (>=2.1.1 <=2.2.0-alpha.4), @1stg/app-config (>=4.0.0 <=9.0.1) +2366 more potentially affected by CVE-2026-33532 via yaml (>=2.0.0 <=2.8.2)

yaml NPM version =2.0.0, =2.1.1, =4.0.0, =4.2.0, =6.0.0, =0.0.3, =1.0.0, =7.0.0, =0.1.0-alpha.1, =0.24.1-20230627140514, =0.25.1-20250326172337, =0.24.1-20230627140514, =3.25.5, =3.10.2-20230627150207, =3.14.1-20230608124329, =3.32.1 and more Source cves: CVE-2026-33532 Source advisory:...

4.3CVSS7.2AI score0.0047EPSS
Exploits1
EUVD
EUVD
added 2026/03/25 6:31 p.m.6 views

EUVD-2026-15679

Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through 2.8.2...

5.8AI score0.00344EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.3 views

CVE-2026-25358

Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through 2.8.2...

8.8CVSS0.00344EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.25 views

CVE-2026-25358 WordPress Meloo theme < 2.8.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through 2.8.2...

8.8CVSS0.00344EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.10 views

CVE-2026-25358

The CVE-2026-25358 entry covers a PHP object-injection vulnerability in the WordPress Meloo theme, affecting Meloo versions prior to 2.8.2. Root cause: deserialization of untrusted data could lead to object injection. Impact as stated includes high confidentiality, integrity, and availability con...

8.8CVSS5.8AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

WordPress plugin Meloo 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.9AI score0.00344EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-27919

Name of the Vulnerable Software and Affected Versions rascals Meloo versions prior to 2.8.2 Description An issue exists in rascals Meloo related to the deserialization of untrusted data, which allows for object injection. The deserialization process does not properly validate the incoming data,...

8.8CVSS5.9AI score0.00344EPSS
Exploits0References3
OSV
OSV
added 2026/03/24 8:16 p.m.4 views

UBUNTU-CVE-2026-33347

league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/24 7:26 p.m.4 views

CVE-2026-33347 league/commonmark has an embed extension allowed_domains bypass

league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References3
CVE
CVE
added 2026/03/24 7:26 p.m.19 views

CVE-2026-33347

Summary: CVE-2026-33347 affects league/commonmark’s Embed extension DomainFilteringAdapter. A missing hostname boundary assertion in the domain-matching regex allows an attacker-controlled domain (e.g., youtube.com.evil) to bypass the allowlist, potentially treating untrusted content as allowed. ...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/03/23 1:11 p.m.5 views

WordPress Meloo theme < 2.8.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Meloo versions 2.8.2...

8.8CVSS5.8AI score0.00344EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/03/19 7:4 p.m.2 views

Server-side Request Forgery (SSRF)

Overview league/commonmark is a PHP-based Markdown parser which supports the full CommonMark spec. It is based on the CommonMark JS reference implementation. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the DomainFilteringAdapter process. An attacker ca...

6.3CVSS6.1AI score0.00241EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/18 1:17 p.m.8 views

Malicious code in zip.js-2.8.2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10faa984dcce106c0df9aa067d4df43300087a73598df5ef841c874d9b507042 The package zip.js-2.8.2 was found to contain malicious code...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/18 1:17 p.m.5 views

MAL-2026-1881 Malicious code in zip.js-2.8.2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 10faa984dcce106c0df9aa067d4df43300087a73598df5ef841c874d9b507042 The package zip.js-2.8.2 was found to contain malicious code...

5.8AI score
Exploits0
Patchstack
Patchstack
added 2026/03/04 6:46 a.m.7 views

WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie vulnerability

WordPress JS Help Desk - AI-Powered Support & Ticketing System plugin 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie vulnerability discovered by WordFence in WordPress Plugin JS Help Desk versions = 2.8.2...

7.5CVSS6AI score0.01317EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/02/22 2:26 p.m.386 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Tuzitio Camaleon_Cms

CVE-2024-46987 — Camaleon CMS Arbitrary Path Traversal Fo...

7.7CVSS5.7AI score0.1456EPSS
Exploits11
NVD
NVD
added 2026/02/20 4:22 p.m.7 views

CVE-2025-67984

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...

7.1CVSS0.00186EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

WordPress plugin NPS computy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.6AI score0.00186EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/02/03 5:52 p.m.8 views

cn.datask:dat-adapter-duckdb (>=0.6.1 <=0.7.1), cn.datask:dat-adapter-mysql (>=0.6.1 <=0.7.1) +158 more potentially affected by CVE-2026-25526 via com.hubspot.jinjava:jinjava (>=2.8.0 <=2.8.2)

com.hubspot.jinjava:jinjava MAVEN version =2.8.0, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.7.0, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.6.1, =0.7.1 and more Source cves: CVE-2026-25526 Source advisory: SNYK:JAVA-COMHUBSPOTJINJAVA-15189006...

9.8CVSS5.8AI score0.00889EPSS
Exploits1
Rows per page
Query Builder