9 matches found
CVE-2017-20252
This CVE affects Joomla NextGen Editor 2.1.0. The vulnerability is an SQL injection in the plname parameter, exploitable via GET requests to index.php with option=com_nge&view=config, enabling an unauthenticated attacker to inject SQL and potentially access sensitive database information. Reporte...
PT-2026-22203
Name of the Vulnerable Software and Affected Versions: wger versions prior to 2.4 Description: wger is a free, open-source workout and fitness manager. Versions up to and including 2.4 improperly handle user data retrieval. The RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet API endpoints...
EUVD-2025-36089
Malicious code in tailwind-config-view npm...
Malicious code in tailwind-config-view (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f09d3964a8d2d069f80eb368ccd713c6c2347bdd6790589bc55a96f726904eb6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: tailwind-config-view is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-48779 Malicious code in tailwind-config-view (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f09d3964a8d2d069f80eb368ccd713c6c2347bdd6790589bc55a96f726904eb6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the endpoints listed below. An attacker can manipulate user data or configuration settings, and perform unauthorized actions by convincing users to follow malicious links that execute unintended...
CVE-2022-46687
Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names...
PT-2022-27951 · Jenkins · Jenkins Spring Config Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Spring Config Plugin versions 2.0.0 and earlier Description: The issue is a stored cross-site scripting (XSS) vulnerability. It occurs because build display names shown on the Spring Config view are not escaped, allowing attackers who c...