Lucene search
K

144526 matches found

NVD
NVD
β€’added 3 days agoβ€’7 views

CVE-2026-10628

The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00349EPSS
Exploits0References12
OSSF Malicious Packages
OSSF Malicious Packages
β€’added 2026/06/29 4:50 p.m.β€’11 views

Malicious code in @rakuten-rewards/messaging-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5881076c822a732d6344ff3614bf7437722ca46d9d5f5dbdf3105586fa078dd4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
β€’added 2026/06/29 4:50 p.m.β€’11 views

Malicious code in @rakuten-rewards/messaging-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7fc8243854c9528882d45c044a4a7c7ce2ad94143a84f135b2b98cb536ce2f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
β€’added 2026/06/29 4:50 p.m.β€’12 views

MAL-2026-6641 Malicious code in @rakuten-rewards/messaging-sdk-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7fc8243854c9528882d45c044a4a7c7ce2ad94143a84f135b2b98cb536ce2f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
β€’added 2026/06/29 4:50 p.m.β€’8 views

MAL-2026-6640 Malicious code in @rakuten-rewards/messaging-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5881076c822a732d6344ff3614bf7437722ca46d9d5f5dbdf3105586fa078dd4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
β€’added 2026/06/15 3:9 p.m.β€’12 views

Malicious code in ve-hemi-rewards (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8252216c6621e6391775d34f5e32815ab8c2a830df080fed52113b4cf855aa1 On npm install, the package's preinstall lifecycle invokes postinstall.js, which collects hostname, username, and current working directory, then...

5.3AI score
Exploits0References1
OSV
OSV
β€’added 2026/06/15 3:9 p.m.β€’9 views

MAL-2026-5785 Malicious code in ve-hemi-rewards (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a8252216c6621e6391775d34f5e32815ab8c2a830df080fed52113b4cf855aa1 On npm install, the package's preinstall lifecycle invokes postinstall.js, which collects hostname, username, and current working directory, then...

5.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
β€’added 2026/06/08 12:0 a.m.β€’11 views

PT-2026-47289

Name of the Vulnerable Software and Affected Versions @angular/platform-server versions prior to 19.2.23 @angular/platform-server versions prior to 20.3.22 @angular/platform-server versions prior to 21.2.15 @angular/platform-server versions prior to 22.0.0-rc.2 Description An issue in the...

8.8CVSS5.7AI score0.00193EPSS
Exploits0References6
Packet Storm News
Packet Storm News
β€’added 2026/05/26 12:0 a.m.β€’58 views

SEC-Bench Pro: Can Language Models Solve Long-Horizon Software Security Tasks?

Large language models LLMs now support automated software security tasks, including vulnerability discovery and proof-of-concept PoC generation. Existing benchmarks do not faithfully evaluate LLMs in real-world bug hunting scenarios because they rely on fuzzing harnesses, target-specific...

5.9AI score
Exploits0
EUVD
EUVD
β€’added 2026/04/16 3:31 p.m.β€’6 views

EUVD-2026-22910

Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyRewards: from n/a through = 5.7.3...

4.3CVSS5.8AI score0.00141EPSS
Exploits0References2
Patchstack
Patchstack
β€’added 2026/04/16 3:12 a.m.β€’5 views

WordPress MyRewards plugin <= 5.7.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Muhan Luo in WordPress Plugin MyRewards versions = 5.7.3...

4.3CVSS5.8AI score0.00141EPSS
Exploits0Affected Software1
NVD
NVD
β€’added 2026/04/15 11:16 a.m.β€’7 views

CVE-2026-40786

Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyRewards: from n/a through = 5.7.3...

4.3CVSS0.00141EPSS
Exploits0References1
Positive Technologies
Positive Technologies
β€’added 2026/04/15 12:0 a.m.β€’11 views

PT-2026-33052

Name of the Vulnerable Software and Affected Versions MyRewards versions prior to 5.7.4 Description Incorrectly configured access control security levels lead to a missing authorization issue in the MyRewards plugin, which allows for the exploitation of security levels. Recommendations Update to ...

4.3CVSS5.8AI score0.00141EPSS
Exploits0References4
EUVD
EUVD
β€’added 2026/04/10 7:55 p.m.β€’6 views

EUVD-2026-21146

nimiq-blockchain is missing a wall-clock upper bound on block timestamps...

8.1CVSS5.8AI score0.00314EPSS
Exploits0References2
Packet Storm
Packet Storm
β€’added 2026/04/10 12:0 a.m.β€’132 views

πŸ“„ MyRewards 5.6.0 Missing Authorization

MyRewards – Loyalty Points and Rewards for WooCommerce versions 5.6.0 and below suffer from a missing authorization vulnerability that allows for privilege escalation. CVE-2025-15260: Missing Authorization / Broken Access Control in Plugin - MyRewards – Loyalty Points and Rewards for WooCommerce...

6.5CVSS5.8AI score0.00274EPSS
Exploits2
CVE
CVE
β€’added 2026/04/09 8:29 p.m.β€’11 views

CVE-2026-40093

The CVE describes a wall-clock upper bound omission in Nimiq’s block timestamp validation for the nimiq-blockchain Rust implementation (1.3.0 and earlier). Specifically, non-skip blocks enforce timestamp &gt;= parent.timestamp and skip blocks enforce timestamp == parent.timestamp + MIN_PRODUCER_T...

8.1CVSS5.9AI score0.00314EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
β€’added 2026/04/09 4:42 p.m.β€’114 views

Exploit for CVE-2025-15260

CVE-2025-15260: Missing Authorization / Broken Access Control...

6.5CVSS5.9AI score0.00274EPSS
Exploits2
EUVD
EUVD
β€’added 2026/03/25 6:31 p.m.β€’10 views

EUVD-2026-15884

Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through = 1.0.4...

5.8AI score0.00321EPSS
Exploits0References2
Wordfence Blog
Wordfence Blog
β€’added 2026/02/20 7:0 p.m.β€’22 views

Wordfence Bug Bounty Program Monthly Report – January 2026

Last month in January 2026, the Wordfence Bug Bounty Program received 897 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfenc...

6.4AI score
Exploits0
Packet Storm News
Packet Storm News
β€’added 2026/02/06 12:0 a.m.β€’6 views

Evaluating and Enhancing the Vulnerability Reasoning Capabilities of Large Language Models

Large Language Models LLMs have demonstrated remarkable proficiency in vulnerability detection. However, a critical reliability gap persists: models frequently yield correct detection verdicts based on hallucinated logic or superficial patterns that deviate from the actual root cause. This...

5.8AI score
Exploits0
Rows per page
Query Builder