Lucene search
K

882 matches found

Cvelist
Cvelist
added 2026/05/28 7:43 a.m.33 views

CVE-2026-7526 PDF Embedder <= 4.9.3 - Authenticated (Contributor+) Information Exposure via Block Editor Page

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueueblockassets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...

4.3CVSS0.00376EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44457

OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, OpenReplay's Python API exposes several app apikey routes that trust a caller-provided projectKey after validating only that the API key itself is valid and that the target projectKey exists. The authorization flow does not verify...

7.7CVSS5.8AI score0.00231EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.26 views

PT-2026-44218

The PDF Embedder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.3 via the enqueue block assets. This makes it possible for authenticated attackers, with contributor-level access and above, to extract configuration data. License key...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/26 9:34 p.m.13 views

EUVD-2026-32014

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:34 p.m.9 views

CVE-2026-44213

The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana back-end when a proxy is configured using the...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/26 9:34 p.m.20 views

CVE-2026-44213

The CVE affects the OpenTelemetry.Exporter.Instana NuGet package. Before version 1.1.0, when INSTANA_ENDPOINT_PROXY is set, the Transport.ConfigureBackendClient() code creates an HttpClient that disables TLS certificate validation, allowing a network attacker to perform a MitM on the proxy and re...

6.5CVSS5.8AI score0.00207EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/26 6:40 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the uploadedFileSaveIn function, which uses filepath.Join with user-supplied directory input but does not validate the resulting path boundaries. An attacker can write files outside the intended web root by...

8.7CVSS6.3AI score0.00344EPSS
Exploits0References2
OSV
OSV
added 2026/05/26 12:35 a.m.7 views

MAL-2026-4454 Malicious code in @taskd/maritime-email-processor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a5aef29b4050fca18dd803428274de6072ff7412ecd134bd68dcc1f5e8fa150 The package's sole exported function emailProcessor in dist/index.mjs POSTs to a hardcoded endpoint https://job-api.alex-c92.workers.dev, sending the...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 9:43 a.m.9 views

MAL-2026-4656 Malicious code in raise-common-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7401fb7c3259e43181ef51ca47b984450f7a849fed5a9598e6131b4c0ed5d2bb The package's rich-text editor module hardcodes an Azure OpenAI endpoint https://aidevused.openai.azure.com/ and an api-key in...

5.8AI score
Exploits0References1
NVD
NVD
added 2026/05/23 5:16 a.m.12 views

CVE-2026-6897

The Wishlist Member plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'WishListMember\Features\TeamAccounts::savesettings' function in all versions up to, and including, 3.30.1. This makes it possible for authenticated attackers, with...

8.8CVSS0.00244EPSS
Exploits0References2
NVD
NVD
added 2026/05/23 5:16 a.m.13 views

CVE-2026-6895

The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'exportsettings' function. This function returns the RES...

8.8CVSS0.00248EPSS
Exploits0References2
NVD
NVD
added 2026/05/23 5:16 a.m.11 views

CVE-2026-6419

The WishList Member plugin for WordPress is vulnerable to Privilege Escalation via Missing Authorization in versions up to and including 3.30.1. This is due to the missing capability and nonce check in the ajaxgetscreen function. This makes it possible for authenticated attackers, with...

8.8CVSS0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.12 views

PT-2026-42863

Name of the Vulnerable Software and Affected Versions WishList Member versions prior to 3.30.2 Description An issue exists where missing authorization allows for privilege escalation. The ajax get screen function fails to perform necessary capability and nonce checks. Authenticated attackers with...

8.8CVSS5.9AI score0.00258EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/21 5:11 p.m.9 views

CVE-2026-48249 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in rm/incs/mobile_login.inc.php

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobilelogin.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests issued during the mobile RouteMate login flow. An attacker positioned on the...

8.2CVSS5.9AI score0.00173EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:0 a.m.18 views

Malicious code in wallet-security-checker (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.8AI score
Exploits0References14
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 10:11 p.m.12 views

Malicious code in @jemavidev/betteragents-pi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3b6e1a3902ad5cc75204b7a6eea3727c6a6c31797d7cfd7a0cd12a64892887bd The package brands itself as an OpenRouter LLM extension and instructs users to obtain a key with the canonical sk-or-v1- prefix from...

5.8AI score
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1, Linux-5.10

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections support pairing in Bluetooth Core Specification 4.2 through 5.4. However, these devices are vulnerable to certain man-in-the-middle attacks, which force the use of a short key length. This vulnerability may lead to the...

6.8CVSS6.7AI score0.01297EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: crashdump: Do not log the bytes of the dm-crypt key in readkeyfromuserkeying. When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload, thereby partially exposing the dm-crypt key. Stop loggi...

5.5CVSS5.6AI score0.00121EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:6 a.m.11 views

Malicious code in cloud-pc-templates (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 044178c5b07f16ba0681f534724c7bcac3c8f39832484c7a3ac51d43a69cd803 The ai login CLI subcommands loginMode huggingface, ollamacloud, ollamalocal each download a proxy script from a mutable refs/heads/main branch of a...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/19 11:30 p.m.11 views

MAL-2026-4390 Malicious code in @flowselections/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b28cf238827c035b4f3103aff9bf803421b7d16d1c7877d7e74c5fcd71f3283b The package exports a supabase client and LoginPage component wired to a hardcoded Supabase URL https://vmicscahrnzpmhagztmx.supabase.co and anon key...

5.8AI score
Exploits0References2
Rows per page
Query Builder