5 matches found
CVE-2026-47751 Claude Code Action: Malicious MCP Server Configuration in PRs Enables Remote Code Execution and Secret Exfiltration
Claude Code Action is a general-purpose GitHub action that runs Claude Code on GitHub pull requests and issues. Prior to 1.0.74, because the action checked out attacker-controlled pull request head branches, read .mcp.json from the working directory via default setting sources, and unconditionall...
EUVD-2024-29027
Malicious code in bioql PyPI...
CVE-2024-31116
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web 10Web Map Builder for Google Maps.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.74...
WordPress CP Polls Plugin <= 1.0.74 is vulnerable to Cross Site Scripting (XSS)
Software CP Polls Type Plugin Vulnerable versions = 1.0.74 Fixed in 1.0.75 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47297 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bd0fc6118ee8 Credits Muhamad Agil Fachrian Required...
CVE-2024-31116
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in 10Web 10Web Map Builder for Google Maps.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.74...