Lucene search
K

2112 matches found

NVD
NVD
added yesterday4 views

CVE-2026-57734

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through = 5.4.3...

7.1CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57734 WordPress tagDiv Composer plugin <= 5.4.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through = 5.4.3...

7.1CVSS0.00251EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-57734

The CVE concerns WordPress tagDiv Composer (td-composer). Affected: tagDiv Composer

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday20 views

tagDiv Composer < 4.2 - Stored Cross-Site Scripting

tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...

6.1CVSS6.8AI score0.01582EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday170 views

Nette Framework - Remote Code Execution

Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...

9.8CVSS7.1AI score0.35228EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday10 views

WordPress tagDiv Composer < 3.5 - Authentication Bypass

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address id:...

9.8CVSS7AI score0.03546EPSS
Exploits2References2
Fedora
Fedora
added 3 days ago7 views

[SECURITY] Fedora 44 Update: composer-2.10.2-1.fc44

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

6.1AI score
Exploits0
Fedora
Fedora
added 3 days ago9 views

[SECURITY] Fedora 43 Update: composer-2.10.2-1.fc43

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

6.1AI score
Exploits0
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43092

vulnerability in Drupal Composer allows . This issue affects Composer versions:...

6.1AI score0.00153EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-11914

vulnerability in Drupal Composer allows . This issue affects Composer versions:...

5.9CVSS0.00153EPSS
Exploits0References1
CVE
CVE
added 4 days ago13 views

CVE-2026-11914

vulnerability in Drupal Composer allows . This issue affects Composer versions:...

5.9CVSS6.1AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-11914 Composer - Critical - Unsupported - SA-CONTRIB-2026-046

vulnerability in Drupal Composer allows . This issue affects Composer versions:...

0.00153EPSS
Exploits0References1
NVD
NVD
added 6 days ago4 views

CVE-2026-59947

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...

4.7CVSS0.00108EPSS
Exploits0References5
NVD
NVD
added 6 days ago7 views

CVE-2026-59946

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS0.00136EPSS
Exploits0References5
NVD
NVD
added 6 days ago5 views

CVE-2026-59948

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...

7CVSS0.00132EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-59947 Composer: URL-embedded HTTP-Basic username leaks to verbose logs (GitHub PAT exposure)

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...

4.7CVSS0.00108EPSS
Exploits0References5
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-59947

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...

4.7CVSS6AI score0.00108EPSS
Exploits0
CVE
CVE
added 6 days ago7 views

CVE-2026-59947

Composer is affected: prior to versions 2.2.29 and 2.10.2, running with -vvv could leak credentials embedded in the username slot of a repository or package URL (e.g., https://TOKEN@host/) to debug logs because AuthHelper, Url::sanitize, and ProcessExecutor did not sanitize username-only URL cred...

4.7CVSS6AI score0.00108EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-59948 Composer: Arbitrary file write outside vendor via malicious transitive package name

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...

7CVSS0.00132EPSS
Exploits0References5
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-59948

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...

7CVSS6AI score0.00132EPSS
Exploits0
Rows per page
Query Builder