CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

205 matches found

OSSF Malicious Packages•added 2026/05/29 10:2 p.m.•8 views

Malicious code in react-svg-animator (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware df0945fc4ef48dfcf552b844a84717606557a3d2ec592aa486a6f464eb290eb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSV•added 2026/05/29 10:2 p.m.•4 views

MAL-2026-5079 Malicious code in react-svg-animator (npm)

5.8AI score

Exploits0References1

Snyk•added 2026/05/29 10:2 p.m.•7 views

Malicious Package

Overview react-svg-animator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Exploits0References2

RedhatCVE•added 2026/02/08 1:3 p.m.•4 views

CVE-2026-1082

The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page form handler in inc/settings-page.php. This makes it possible for unauthenticated attackers to modify plugin...

4.3CVSS5.3AI score0.00006EPSS

Exploits0References1

Cvelist•added 2026/02/07 8:26 a.m.•21 views

CVE-2026-1082 TITLE ANIMATOR <= 1.0 - Cross-Site Request Forgery to Settings Update

4.3CVSS0.00006EPSS

Exploits0References3

CVE•added 2026/02/07 8:26 a.m.•20 views

CVE-2026-1082

The CVE concerns the TITLE ANIMATOR WordPress plugin, where a Cross-Site Request Forgery flaw exists in all versions up to and including 1.0 due to missing nonce validation on the settings-page form handler in inc/settings-page.php. This allows unauthenticated attackers to modify plugin settings ...

4.3CVSS5.3AI score0.00006EPSS

Exploits0References3

ATTACKERKB•added 2026/02/07 8:26 a.m.•2 views

CVE-2026-1082

4.3CVSS5.3AI score0.00006EPSS

Exploits0References4

Vulnrichment•added 2026/02/07 8:26 a.m.•1 views

CVE-2026-1082 TITLE ANIMATOR <= 1.0 - Cross-Site Request Forgery to Settings Update

4.3CVSS5.3AI score0.00006EPSS

Exploits0References3

CNNVD•added 2026/02/07 12:0 a.m.•2 views

WordPress plugin TITLE ANIMATOR 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00006EPSS

Exploits0References4

Positive Technologies•added 2026/02/07 12:0 a.m.•3 views

PT-2026-6888

Name of the Vulnerable Software and Affected Versions TITLE ANIMATOR plugin for WordPress versions prior to 1.0 Description The software is susceptible to a Cross-Site Request Forgery issue. This is a result of a lack of nonce validation on the settings page form handler located in...

4.3CVSS5.3AI score0.00006EPSS

Exploits0References5

Patchstack•added 2026/02/06 11:47 p.m.•4 views

WordPress TITLE ANIMATOR plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin TITLE ANIMATOR versions = 1.0...

4.3CVSS5.4AI score0.00006EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/07 9:34 a.m.•3 views

CVE-2019-7870

Adobe Character Animator versions 2.1 and earlier have an insecure library loading dll hijacking vulnerability. Successful exploitation could lead to arbitrary code execution...

7.8CVSS7.3AI score0.07872EPSS

Exploits0References1