Lucene search
K

850 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43534

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJL certification function. This makes it possible for unauthenticated attackers to update the plugin'...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 12:54 a.m.12 views

Malicious code in hpsetup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c When npx hpsetup runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball//?key= and extracts it directly into...

6.3AI score
Exploits0References11
OSV
OSV
added 2026/05/20 12:54 a.m.10 views

MAL-2026-4579 Malicious code in hpsetup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c When npx hpsetup runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball//?key= and extracts it directly into...

6.3AI score
Exploits0References11
NVD
NVD
added 2026/05/18 7:16 a.m.20 views

CVE-2026-1631

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.4CVSS0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 6:0 a.m.10 views

CVE-2026-1631

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.4CVSS5.8AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 6:0 a.m.11 views

EUVD-2026-30735

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.4CVSS5.8AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 6:0 a.m.23 views

CVE-2026-1631

The CVE-2026-1631 entry affects the Feeds for YouTube WordPress plugin prior to version 2.6.4. The root cause is a missing capability check in the 'actions' function, allowing subscribers and higher roles to perform unauthorized modifications to the plugin’s license key. The impact is license key...

5.4CVSS5.8AI score0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 6:0 a.m.10 views

CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

5.8AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/18 6:0 a.m.48 views

CVE-2026-1631 Feeds for YouTube < 2.6.4 - Subscriber+ License Data Deletion

The Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube YouTube video, channel, and gallery plugin WordPress plugin before 2.6.4's license key due to a missing capability check on the...

0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.16 views

PT-2026-41635

Name of the Vulnerable Software and Affected Versions Feeds for YouTube versions prior to 2.6.4 Description A missing capability check in the actions function allows users with subscriber privileges or higher to unauthorizedly modify or delete the plugin license key. Recommendations Update to...

5.4CVSS5.2AI score0.00231EPSS
Exploits0References5
OSV
OSV
added 2026/05/06 5:2 p.m.10 views

MINI-J3W9-VJGC-V5RF

Bulletin has no description...

7.5CVSS5.7AI score0.00326EPSS
Exploits0
NVD
NVD
added 2026/04/26 10:17 p.m.6 views

CVE-2018-25264

TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a...

6.9CVSS0.00156EPSS
Exploits0References2
NVD
NVD
added 2026/04/26 10:17 p.m.8 views

CVE-2018-25273

CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an...

6.9CVSS0.00126EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/26 1:19 p.m.35 views

CVE-2018-25273 CrossFont 7.5 Denial of Service via License Key Field

CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an...

6.9CVSS0.00126EPSS
Exploits0References2
CVE
CVE
added 2026/04/26 1:19 p.m.6 views

CVE-2018-25273

CrossFont 7.5 contains a local buffer overflow in the License Key field that can crash the application when processing an oversized payload. An attacker can craft a malicious file around 4000 bytes and input it into License Key to trigger the crash. Impact is limited to availability (crash) with ...

6.9CVSS5.7AI score0.00126EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/26 1:19 p.m.3 views

CVE-2018-25264

TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a...

6.9CVSS5.8AI score0.00156EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/26 1:19 p.m.4 views

CVE-2018-25273

CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an...

6.9CVSS5.7AI score0.00126EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/26 1:19 p.m.6 views

CVE-2018-25273 CrossFont 7.5 Denial of Service via License Key Field

CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malicious file containing 4000 bytes of data, paste it into the License Key input field, and trigger an...

6.9CVSS5.7AI score0.00126EPSS
Exploits0References2
CVE
CVE
added 2026/04/26 1:19 p.m.9 views

CVE-2018-25264

TransMac 12.2 is affected by a buffer overflow in the License Key input field. An attacker can craft a payload file containing ~4000 bytes, paste it into the License Key field, and trigger a local denial-of-service condition. The issue is documented with CVSS vectors indicating Local access, Low ...

6.9CVSS5.8AI score0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/26 1:19 p.m.6 views

EUVD-2018-21792

TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a...

6.9CVSS5.8AI score0.00156EPSS
Exploits0References2
Rows per page
Query Builder