116 matches found

Circl
added 2026/03/23 8:36 a.m., 1 view

CVE-2026-4602

creationtimestamp | type | source
---|---|---
2026-03-23 08:36:23+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhpnqwag7l27
2026-03-24 02:00:14+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mhri3l3h2r2p...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00078
Exploits: 1, References: 2

vulnersOsv
added 2026/03/23 6:30 a.m., 5 views

@1auth/authn-webauthn (>=0.0.0-alpha.0 <=0.0.0-alpha.3), @agentic/stdlib (>=7.4.0 <=7.6.9) +786 more potentially affected by CVE-2026-4602 via jsrsasign (>=0.0.3 <=11.1.0)

jsrsasign NPM version =0.0.3, =0.0.0-alpha.0, =7.4.0, =7.4.0, =6.0.0, =1.0.0-1.0.1.0, =1.0.0-1.0.1.0, =0.0.3-alpha.0, =2.0.0, =2.7.1, =6.0.0, =6.0.0, =0.1.0, =1.0.0, =5.0.0-3998.0 and more Source cves: CVE-2026-4602 Source advisory: OSV:GHSA-8QWJ-4JXW-M8JW...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00078
Exploits: 1

vulnersOsv
added 2026/02/21 2:3 a.m., 4 views

org.webjars.npm:jsrsasign-util (=1.0.5) potentially affected by CVE-2026-4602 via org.webjars.npm:jsrsasign (=11.1.0)

org.webjars.npm:jsrsasign MAVEN version =11.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jsrsasign and may be impacted: - org.webjars.npm:jsrsasign-util =1.0.5 Source cves: CVE-2026-4602 Source advisory:...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00078
Exploits: 1

RedhatCVE
added 2026/01/09 11:54 a.m., 6 views

CVE-2009-4602

Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS: 4.3, AI score: 6, EPSS: 0.00246
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2007-3312

Malware in sbrugna...

CVSS: 5, AI score: 6.4, EPSS: 0.00877
Exploits: 0, References: 7

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2007-3311

Malware in sbrugna...

CVSS: 5, AI score: 6.4, EPSS: 0.00877
Exploits: 0, References: 7

RedhatCVE
added 2025/05/26 4:7 a.m., 13 views

CVE-2025-4602

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the getfile function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contai...

CVSS: 7.5, AI score: 7, EPSS: 0.00394
Exploits: 2, References: 1

OSV
added 2025/05/24 4:15 a.m., 0 views

CVE-2025-4602

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the getfile function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contai...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00394
Exploits: 2, References: 6

Circl
added 2025/05/24 4:2 a.m., 13 views

CVE-2025-4602

creationtimestamp | type | source
---|---|---
2025-05-24 04:02:11+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpvb2ovbklj2
2025-05-24 04:52:39+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17480...

CVSS: 7.5, AI score: 4.8, EPSS: 0.00394
Exploits: 2, References: 2

Vulnrichment
added 2025/05/24 3:37 a.m., 22 views

CVE-2025-4602 eMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Read

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the getfile function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contai...

CVSS: 5.9, AI score: 7, EPSS: 0.00394
Exploits: 2, References: 6

CVE
added 2025/05/24 3:37 a.m., 63 views

CVE-2025-4602

CVE-2025-4602 affects eMagicOne Store Manager for WooCommerce (WordPress) versions 1.2.5 and earlier. The issue is an Arbitrary File Read via the get_file() functionality in the EMO connector, which can be invoked by unauthenticated users in default or credential-compromised configurations. The u...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00394
Exploits: 2, References: 7, Affected Software: 1

Patchstack
added 2025/05/23 10:10 p.m., 9 views

WordPress eMagicOne Store Manager for WooCommerce plugin <= 1.2.5 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by Ryan Kozak in WordPress Plugin eMagicOne Store Manager versions <= 1.2.5...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00394
Exploits: 2, References: 1, Affected Software: 1

RedhatCVE
added 2025/05/23 12:32 a.m., 7 views

CVE-2022-4602

A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/api/theme-edit/ of the component Review Flow Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be...

CVSS: 5.4, AI score: 6.2, EPSS: 0.00272
Exploits: 0, References: 1

GithubExploit
added 2025/05/12 7:33 p.m., 288 views

Exploit for External Control of File Name or Path in Emagicone Emagicone_Store_Manager_For_Woocommerce

eMagicOne Store Manager for WooCommerce md5 EMOSMCDEFAULT...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00394
Exploits: 2

Patchstack
added 2024/07/15 12:0 a.m., 6 views

WordPress Embed Peertube Playlist Plugin < 1.10 is vulnerable to Cross Site Scripting (XSS)

Software: Embed Peertube Playlist; Type: Plugin; Vulnerable versions: < 1.10; Fixed in: 1.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4602; Patch priority: Low; CVSS severity: Low (5.9); PSID: b614f5ef7ce2; Credits: Bob Matyas; Required...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00228
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2024/07/13 6:0 a.m., 16 views

CVE-2024-4602 Embed Peertube Playlist < 1.10 - Editor+ Stored XSS

The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)...

EPSS: 0.00228
Exploits: 1, References: 1

Vulnrichment
added 2024/07/13 6:0 a.m., 13 views

CVE-2024-4602 Embed Peertube Playlist < 1.10 - Editor+ Stored XSS

The Embed Peertube Playlist WordPress plugin before 1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)...

AI score: 5.8, EPSS: 0.00228
Exploits: 1, References: 1

Circl
added 2024/06/19 7:59 p.m., 1 view

CVE-2015-4602

creationtimestamp | type | source
---|---|---
2024-06-19 19:59:54+00:00 | seen | Telegram/OFcRq2nNNh6lt2qa3MZdkhKpJMnJHIvl2kHj9qoKpcvzD1wO...

CVSS: 10, AI score: 7.4, EPSS: 0.11011
Exploits: 1

OSSF Malicious Packages
added 2024/01/24 8:23 p.m., 2 views

Malicious code in wlwz-2312-4602 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09d3966c6a030c7b516084272704ca880bf19f52fbff9c16ecc9e503b2c05ac3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

CVE
added 2023/11/15 12:44 p.m., 74 views

CVE-2023-4602

CVE-2023-4602 (Namaste! LMS, WordPress) shows a reflected XSS in the course_id parameter. The vulnerability affects Namaste! LMS up to version 2.6.1.1 and is exploitable by unauthenticated attackers who can trick a user into performing an action (e.g., clicking a link) to execute arbitrary script...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00792
Exploits: 1, References: 3, Affected Software: 1