7 matches found

Positive Technologies
added 2026/05/12 12:0 a.m. | 6 views

PT-2026-39962

The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is due to a missing capability check on a REST API endpoint registered with a permission callback of '__return_true', which bypasses...

CVSS 5.3 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 6
Patchstack
added 2026/01/13 10:39 p.m. | 4 views

WordPress Shipping Rates by City for WooCommerce plugin <= 1.0.3 - Authenticated (Shop Manager+) SQL Injection via 'cities' Parameter vulnerability

Authenticated Shop Manager+ SQL Injection via 'cities' Parameter vulnerability discovered by Nguyen Truong Roll - FPT IS in WordPress Plugin Shipping Rates by City for WooCommerce versions <= 1.0.3...

CVSS 4.9 | AI score 8.1 | EPSS 0.00041
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/11/19 5:35 p.m. | 23 views

CVE-2025-65099

CVE-2025-65099 – Claude Code pre‑startup trust bypass via Yarn 3.x plugins is raised for Claude Code prior to 1.0.39. The issue allowed code execution from a project directory by exploiting Yarn 3.0+ plugins before the startup trust dialog was accepted. Affected scenario required running Claude C...

CVSS 9.8 | AI score 7.1 | EPSS 0.00141
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2025/09/24 8:15 p.m. | 4 views

CVE-2025-59828

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

CVSS 9.8 | EPSS 0.0008
Exploits: 0 | References: 1
OSV
added 2025/08/08 10:16 p.m. | 2 views

CVE-2025-8741

A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The...

CVSS 5.9 | AI score 4.2
Exploits: 0 | References: 5
Cvelist
added 2025/03/26 3:49 p.m. | 10 views

CVE-2025-27406 Icinga Reporting Stored XSS leads to SSRF

Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present in versions 0.10.0 through 1.0.2 allows setting up a template that allows embedding arbitrary JavaScript. This enables the attacker to act...

CVSS 7.6 | EPSS 0.00073
Exploits: 0 | References: 2
OSV
added 2021/12/17 9:15 p.m. | 0 views

UBUNTU-CVE-2021-41499

Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo 1.03 in the Serverdebug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name...

CVSS 7.5 | AI score 5.8 | EPSS 0.0047
Exploits: 1 | References: 4