Lucene search
K

7744 matches found

Nuclei
Nuclei
added 2026/07/02 9:36 a.m.57 views

WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload

WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-typ...

7.2CVSS7.4AI score0.88158EPSS
Exploits9References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/01 12:21 p.m.10 views

Malicious code in date-fns-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4694a079d83e33dcee7f87140c41737009d9f0b19f351c23f2ae3dbce9a47a51 [email protected] presents as a lightweight date-formatting utility but ships a malicious postinstall.js that runs automatically on npm install. T...

5.9AI score
Exploits0References13
NVD
NVD
added 2026/07/01 7:16 a.m.8 views

CVE-2026-11562

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings...

4.3CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 6:0 a.m.39 views

CVE-2026-11562 WS Form LITE < 1.11.8 - Subscriber+ Arbitrary Settings Update

The WS Form LITE WordPress plugin before 1.11.8 does not have a capability check on one of its settings-update actions, allowing authenticated users with subscriber-level access and above to modify the WS Form LITE WordPress plugin before 1.11.8's settings...

0.00162EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

LiteLLM 1.74.2 < 1.83.7 Command Injection Vulnerability (GHSA-v4p8-mg3p-g94g)

The version of the LiteLLM Python package installed on the remote host is 1.74.2 before 1.83.7. It is, therefore, affected by a vulnerability: - From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST...

8.8CVSS6.3AI score0.80188EPSS
Exploits2References3
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-390 LiteLLM: Authentication bypass via OIDC userinfo cache key collision

Impact When JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. A...

9.4CVSS5.8AI score0.0049EPSS
Exploits1References5
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57649

Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...

4.3CVSS0.00213EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57637

Unauthenticated Cross Site Request Forgery CSRF in Abandoned Cart Lite for WooCommerce = 6.8.0 versions...

4.3CVSS0.00107EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.10 views

CVE-2026-57649

The CVE concerns the WordPress Shoppable Images Lite plugin (versions

4.3CVSS5.8AI score0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.7 views

EUVD-2026-39764

Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...

4.3CVSS5.8AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.33 views

CVE-2026-57649 WordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerability

Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...

4.3CVSS0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.6 views

EUVD-2026-39753

Unauthenticated Cross Site Request Forgery CSRF in Abandoned Cart Lite for WooCommerce = 6.8.0 versions...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.35 views

CVE-2026-57637 WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Abandoned Cart Lite for WooCommerce = 6.8.0 versions...

4.3CVSS0.00107EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.12 views

CVE-2026-57637

CVE-2026-57637 applies to the WordPress Abandoned Cart Lite for WooCommerce plugin (versions

4.3CVSS5.8AI score0.00107EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:14 p.m.7 views

WordPress Shoppable Images Lite plugin <= 1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Shoppable Images Lite versions = 1.3...

4.3CVSS5.8AI score0.00213EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/26 12:30 p.m.6 views

WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Abandoned Cart Lite for WooCommerce versions = 6.8.0...

4.3CVSS5.8AI score0.00107EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.12 views

Disc Soft DAEMON Tools Lite 12.5.0.2421 - 12.5.0.2434 Embedded Malicious Code (CVE-2026-8398)

The version of Disc Soft DAEMON Tools Lite installed on the remote Windows host is between 12.5.0.2421 and 12.5.0.2434 inclusive. It is, therefore, affected by an embedded malicious code vulnerability. - A supply chain attack compromised the official installation packages of DAEMON Tools Lite,...

9.8CVSS6.2AI score0.01456EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:44 p.m.10 views

CVE-2026-47102

A flaw was found in LiteLLM. A user with access to the /user/update endpoint can exploit a privilege escalation vulnerability. By modifying their own userrole to proxyadmin, an attacker can gain full administrative access to LiteLLM, including control over all users, teams, keys, models, and prom...

8.8CVSS6AI score0.00653EPSS
Exploits2References10
NVD
NVD
added 2026/06/22 9:16 p.m.12 views

CVE-2026-49468

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from...

9.8CVSS0.00559EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/22 8:37 p.m.26 views

CVE-2026-49468 LiteLLM: Authentication Bypass via Host Header Injection

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from...

9.5CVSS0.00559EPSS
Exploits1References2
Rows per page
Query Builder