Lucene search
K

9305 matches found

Nuclei
Nuclei
added 11 hours ago596 views

WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF

WordPress Automatic plugin 3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This...

9.9CVSS7AI score0.93971EPSS
Exploits18References3
Nuclei
Nuclei
added 11 hours ago89 views

WordPress SEO Tools Plugin 4.0.7 - Cross-Site Scripting

The SEO Tools WordPress plugin through version 4.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape the 'src' parameter in the rssread.php file before outputting it back in the page, which could allow attackers to execute arbitrary...

6.1CVSS7.2AI score0.00594EPSS
Exploits1References2
Nuclei
Nuclei
added 11 hours ago25 views

WordPress Automatic Plugin - Unauthenticated Options Change

WordPress Automatic Plugin versions 3.53.2 and below contains a critical vulnerability that allows unauthenticated users to change arbitrary WordPress options through the processform.php script. The vulnerable script uses updateoption on all POST parameters without authentication or capability...

9.8CVSS7.1AI score0.16408EPSS
Exploits3References2
Nuclei
Nuclei
added 11 hours ago21 views

Pinterest Automatic < 4.14.4 - Unauthenticated Arbitrary Options Update

The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wppinterestautomaticparserequest' function and the 'processform.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to...

9.8CVSS7AI score0.04528EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago7 views

Malicious code in auto-debug-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dd31c11b5149d8dd2142c81cc066576dc799ba4dae4599a9569cb56256417ec package.json declares a postinstall hook node install.js that fires automatically on npm install. On Windows, install.js invokes hidden PowerShell -N...

6.1AI score
Exploits0References4
Fedora
Fedora
added 2026/07/07 1:11 a.m.17 views

[SECURITY] Fedora 43 Update: clamav-1.4.5-1.fc43

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/07/06 1:58 p.m.5 views

CVE-2026-55698

A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to achieve arbitrary code execution by committing a specially crafted package-manager lockfile pnpm-lock.yaml to a repository. When pnpm is executed, it trusts an already resolved packageManagerDependencies...

8.8CVSS6.6AI score0.00193EPSS
Exploits1References4
Snyk
Snyk
added 2026/07/03 6:16 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the open-editor and invalidate endpoints. An attacker can open...

5.3CVSS6AI score0.00116EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 6:13 a.m.59 views

CVE-2026-11586

CVE-2026-11586 : curl is vulnerable to memory exhaustion via WebSocket PING handling. The description across sources states that curl automatically responds to WebSocket PING frames and lacks an upper bound on memory allocation for unacknowledged frames, enabling a malicious server to flood curl ...

7.5CVSS6AI score0.0086EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.25 views

PT-2026-55445

Name of the Vulnerable Software and Affected Versions coder versions prior to 2.29.7 coder versions prior to 2.30.2 Description A command injection issue exists in the dotfiles registry module where unsanitized user input is passed to shell commands. An attacker can provide a crafted dotfiles uri...

8.8CVSS6.3AI score0.02642EPSS
Exploits0References14
NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-56045

Unauthenticated Cross Site Scripting XSS in Automatic 3.135.1 versions...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.11 views

CVE-2026-56045

The CVE-2026-56045 entry applies to the WordPress Automatic plugin versions earlier than 3.135.1, with an unauthenticated Cross Site Scripting (XSS) vulnerability. Affected software: WordPress Automatic plugin (

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.5 views

EUVD-2026-39706

Unauthenticated Cross Site Scripting XSS in Automatic 3.135.1 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.9 views

CVE-2026-13324

A vulnerability has been identified in the GNOME Geary package within its mailto URI handling component. This flaw occurs because the email client automatically processes a non-standard attach parameter in email links without prompting or alerting the user. An attacker could exploit this by...

6.5CVSS5.8AI score
Exploits0References4
NVD
NVD
added 2026/06/25 7:16 p.m.11 views

CVE-2026-56770

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds,...

8.7CVSS0.00339EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 6:6 p.m.15 views

CVE-2026-56770

Libais 0.15 is affected by an out-of-bounds vector access in VdmStream::AddLine caused by an unchecked sentinel value used as a vector index when handling AIS sentences with empty or out-of-range sequential IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM senten...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.9 views

Malicious code in leo-aws (npm)

The leo-aws npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

6.3AI score
Exploits0References2
NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-53030

In the Linux kernel, the following vulnerability has been resolved: i3c: master: renesas: Fix memory leak in renesasi3ci3cxfers The xfer structure allocated by renesasi3callocxfer was never freed in the renesasi3ci3cxfers function. Use the freekfree cleanup attribute to automatically free the...

0.00166EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 4:30 p.m.7 views

CVE-2026-53065

CVE-2026-53065 affects the Linux kernel ASoC: sti driver. The issue is that regmap_field objects allocated at player init were never freed, potentially leaking resources when the driver is removed. The remediation is to switch to devm_regmap_field_alloc() , which ties the lifetimes of the allocat...

5.7AI score0.00172EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: SCSI: UFS: Core – Flush exception handling work when RPM level is zero Ensure that exception event handling work is explicitly flushed during suspension when the runtime power management level is set to UFSPMLVL0. When the RPM...

4.7CVSS5.7AI score0.00091EPSS
Exploits0References2
Rows per page
Query Builder