CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score

Exploits0References2

RedhatCVE•added 2026/02/06 1:30 p.m.•5 views

CVE-2026-1927

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...

5.4CVSS6AI score0.00045EPSS

Exploits0References1

EUVD•added 2026/02/05 1:27 p.m.•3 views

EUVD-2026-5554

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.5.7. This makes it possible for authenticated attackers, with...

4.3CVSS5.4AI score0.00045EPSS

Exploits0References2

Vulnrichment•added 2026/02/05 1:27 p.m.•3 views

CVE-2026-1927 GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure of AI API Keys and Stored Cross-Site Scripting via custom_css

5.4CVSS6AI score0.00045EPSS

Exploits0References2

RedhatCVE•added 2026/01/23 3:21 p.m.•6 views

CVE-2025-65098

Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI key...

7.4CVSS5.6AI score0.00019EPSS

Exploits1References1