Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

602 matches found

Nuclei
Nucleiadded 2 days ago16 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8CVSS7.4AI score0.20235EPSS
Exploits3References2
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/20 10:36 a.m.6 views

Malicious code in yessir-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 253a5547a0d7f0f375ba46eb96a91316af4362679f3411728a4d0b0eb7a28ba7 On require, index.js schedules installNewsletterAutoFollow 1 second later. That function locates @whiskeysockets/baileys inside the consumer's...

5.9AI score
Exploits0References1
OSV
OSVadded 2026/05/20 10:36 a.m.7 views

MAL-2026-4736 Malicious code in yessir-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 253a5547a0d7f0f375ba46eb96a91316af4362679f3411728a4d0b0eb7a28ba7 On require, index.js schedules installNewsletterAutoFollow 1 second later. That function locates @whiskeysockets/baileys inside the consumer's...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packagesadded 2026/05/19 6:39 p.m.7 views

Malicious code in alya-baileys (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 473103f2220a0215abf49be7e46ec1748052935ce188e0eee6ded08af7b47cf1 alya-baileys is a fork of the Baileys WhatsApp library that adds a hidden, remotely-controlled action channel against the installer's authenticated...

5.8AI score
Exploits0References8
Patchstack
Patchstackadded 2026/03/03 11:44 p.m.5 views

WordPress Email Subscribers & Newsletters plugin <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter vulnerability

Authenticated Administrator+ SQL Injection via 'workflowids' Parameter vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Email Subscribers & Newsletters versions = 5.9.16...

6.5CVSS6AI score0.00015EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm Newsadded 2026/02/02 12:0 a.m.3 views

MailPoet Newsletters 2.6.19 Cross Site Scripting

A cross site scripting vulnerability exists in MailPoet Newsletters WordPress Plugin version 2.6.19. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.00359EPSS
Exploits0
Patchstack
Patchstackadded 2026/01/30 3:37 a.m.5 views

WordPress SendPress Newsletters plugin <= 1.23.11.6 - Admin+ Stored XSS via Settings vulnerability

Admin+ Stored XSS via Settings vulnerability discovered by Manab Jyoti Dowarah in WordPress Plugin SendPress Newsletters versions = 1.23.11.6...

6.8CVSS5.9AI score0.00079EPSS
Exploits2References1Affected Software1
Patchstack
Patchstackadded 2026/01/30 3:35 a.m.7 views

WordPress SendPress Newsletters plugin <= 1.23.11.6 - Admin+ Stored XSS via Form Settings vulnerability

Admin+ Stored XSS via Form Settings vulnerability discovered by Manab Jyoti Dowarah in WordPress Plugin SendPress Newsletters versions = 1.23.11.6...

6.1CVSS5.9AI score0.00098EPSS
Exploits2References1Affected Software1
RedhatCVE
RedhatCVEadded 2026/01/10 5:41 a.m.0 views

CVE-2025-67911

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...

9.8CVSS5.9AI score0.00098EPSS
Exploits0References1
NVD
NVDadded 2026/01/08 10:15 a.m.1 views

CVE-2025-67911

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...

9.8CVSS0.00098EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/01/08 9:17 a.m.21 views

CVE-2025-67911 WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...

9.8CVSS0.00098EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/01/08 9:17 a.m.1 views

CVE-2025-67911 WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...

9.8CVSS6.6AI score0.00098EPSS
Exploits0References1
CVE
CVEadded 2026/01/08 9:17 a.m.7 views

CVE-2025-67911

CVE-2025-67911 describes a Deserialization of Untrusted Data vulnerability in the Tribulant Software Newsletters newsletters-lite plugin. The WordPress/newsletters entry states unauthenticated Object Injection via deserialization, affecting Newsletters: from n/a through

9.8CVSS6.6AI score0.00098EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/01/08 12:0 a.m.2 views

WordPress plugin Newsletters 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

9.8CVSS6.5AI score0.00098EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/01/08 12:0 a.m.1 views

PT-2026-1889

Name of the Vulnerable Software and Affected Versions Tribulant Software Newsletters versions prior to 4.11 Description An issue exists in Tribulant Software Newsletters newsletters-lite related to the deserialization of untrusted data, which allows for object injection. Recommendations Update to...

9.8CVSS6.6AI score0.00098EPSS
Exploits0References3
Patchstack
Patchstackadded 2025/12/31 12:46 p.m.3 views

WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Skalucy in WordPress Plugin Newsletters versions = 4.11...

9.8CVSS7.3AI score0.00098EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVEadded 2025/12/31 11:5 a.m.3 views

CVE-2025-69020

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through = 4.12...

6.5CVSS6AI score0.00024EPSS
Exploits0References1
Patchstack
Patchstackadded 2025/12/31 12:0 a.m.3 views

WordPress Email Subscribers plugin < 5.7.45 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Subscribers & Newsletters versions 5.7.45...

4.8CVSS5.9AI score0.00164EPSS
Exploits1References1Affected Software1
EUVD
EUVDadded 2025/12/30 12:30 p.m.1 views

EUVD-2025-205724

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through = 4.12...

6.5CVSS5.5AI score0.00024EPSS
Exploits0References2
NVD
NVDadded 2025/12/30 11:16 a.m.1 views

CVE-2025-69020

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through = 4.12...

6.5CVSS0.00024EPSS
Exploits0References1
Rows per page
Query Builder