Lucene search
K

120998 matches found

OSV
OSV
added 2 days ago3 views

MAL-2026-10390 Malicious code in timmytuffknuckles9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 342d7a44db99769023685647376a6042d5a9b345c281826484c9d88561f245ca Package is not a Node library — package.json declares main: sw.js, a browser Service Worker whose first line calls importScripts'./8cfc2/hgshm.js'...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 4:30 p.m.11 views

Malicious code in ratelimitsucks6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ebbee718bfa55eada8a2d56c9ea228e7b661364827e71995fd456027df7eedb The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 4:29 p.m.9 views

Malicious code in abuden22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6b2d1b9158b6a3652850cdee84fd448567fc6d8187e685ee0b85eb8d594f57 The tarball contains a static-site bundle index.html, obfuscated asset chunks, service worker sw.js, and the MercuryWorkshop/Scramjet web-proxy bundl...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/18 4:29 p.m.9 views

MAL-2026-6129 Malicious code in abuden22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6b2d1b9158b6a3652850cdee84fd448567fc6d8187e685ee0b85eb8d594f57 The tarball contains a static-site bundle index.html, obfuscated asset chunks, service worker sw.js, and the MercuryWorkshop/Scramjet web-proxy bundl...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/18 4:29 p.m.7 views

MAL-2026-6128 Malicious code in abuden218 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36e1df12b592dc442d5266d4244831fd0b6ceb94c0960a26815f5fad3246b828 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 11:42 p.m.15 views

Malicious code in speed4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0766e347295e7a13e0604a89de30f662a24b690598f1e4b01edaac5400178347 [email protected] is not a functional Node package. package.json declares main: sw.js, but sw.js is a browser ServiceWorker importScripts'./8cfc2/hgshm.js...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/16 11:42 p.m.8 views

MAL-2026-5938 Malicious code in speed4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0766e347295e7a13e0604a89de30f662a24b690598f1e4b01edaac5400178347 [email protected] is not a functional Node package. package.json declares main: sw.js, but sw.js is a browser ServiceWorker importScripts'./8cfc2/hgshm.js...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/16 7:27 p.m.8 views

MAL-2026-5916 Malicious code in nottuff25 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 238a4f56f3433bf34de372e9a26264a33e33c6bde8592ddc73594d33ab7427f0 The tarball is not a Node library. package.json declares main: sw.js with description "package" and an empty author; sw.js is a browser ServiceWorker...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:27 p.m.9 views

Malicious code in nottuff25 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 238a4f56f3433bf34de372e9a26264a33e33c6bde8592ddc73594d33ab7427f0 The tarball is not a Node library. package.json declares main: sw.js with description "package" and an empty author; sw.js is a browser ServiceWorker...

6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:27 p.m.9 views

Malicious code in nottuff15 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea629a411d1555cb4dbc80aa218539333aefce15e110ad0a5eaa16e4a58ab5f3 nottuff15 is one entry in a coordinated npm namespace-spam campaign. The tarball ships auto-publish.sh, a bash script that copies the package content...

6.1AI score
Exploits0References4
Patchstack
Patchstack
added 2025/12/16 6:10 p.m.27 views

WordPress WP to LinkedIn Auto Publish plugin <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage vulnerability

Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP to LinkedIn Auto Publish versions = 1.9.8...

6.1CVSS6.1AI score0.00212EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/12/13 4:16 p.m.4 views

CVE-2025-12076

The Social Media Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage parameter in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00213EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.6 views

WordPress plugin Social Media Auto Publish 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site scripting vulnerabili...

6.1CVSS5.8AI score0.00213EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/19 10:23 a.m.3 views

CVE-2025-12079

The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/18 12:30 p.m.4 views

EUVD-2025-197966

The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS5.2AI score0.00217EPSS
Exploits0References3
NVD
NVD
added 2025/11/18 10:15 a.m.7 views

CVE-2025-12079

The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00217EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/18 9:27 a.m.9 views

CVE-2025-12079 WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage

The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00217EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/18 9:27 a.m.3 views

CVE-2025-12079 WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage

The WP Twitter Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6AI score0.00217EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.4 views

WordPress plugin WP Twitter Auto Publish 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A cross-site...

6.1CVSS6AI score0.00217EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/17 11:37 p.m.4 views

WordPress WP Twitter Auto Publish plugin <= 1.7.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin WP Twitter Auto Publish versions = 1.7.4...

6.1CVSS5.4AI score0.00217EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder