Lucene search
+L

1098 matches found

Snyk
Snyk
added 2026/05/18 9:0 p.m.17 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/18 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
NVD
NVD
added 2026/05/16 4:16 p.m.12 views

CVE-2020-37244

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS0.00276EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/16 3:25 p.m.39 views

CVE-2020-37244 WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS0.00276EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.7 views

CVE-2020-37244

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/16 3:25 p.m.17 views

CVE-2020-37244

Supsystic Membership 1.4.7 (WordPress plugin) contains an SQL injection vulnerability in the badges module, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting payloads through the 'search' and 'sidx' parameters. Attacks can use time-based blind or UNION-based SQL inj...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/16 3:25 p.m.10 views

CVE-2020-37244 WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/16 3:25 p.m.8 views

EUVD-2020-31244

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

WordPress plugin Supsystic Membership SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.13 views

PT-2026-41444

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/03 12:19 p.m.8 views

Malicious code in ally-badges (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 628f679ca3d11168a5d0e0930680b72c113158a013369f538a273ce91cb5e5a6 The package ally-badges was found to contain malicious code. Source: ghsa-malware 9c052706f47011272c0f6a24723dc146f15603ac21d81708fa2b91678889df60 An...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/03 12:19 p.m.8 views

MAL-2026-3296 Malicious code in ally-badges (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 628f679ca3d11168a5d0e0930680b72c113158a013369f538a273ce91cb5e5a6 The package ally-badges was found to contain malicious code. Source: ghsa-malware 9c052706f47011272c0f6a24723dc146f15603ac21d81708fa2b91678889df60 An...

5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

WordPress plugin UsersWP 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00234EPSS
Exploits0References10
vulnersOsv
vulnersOsv
added 2026/03/13 6:57 p.m.5 views

aksharify (=0.2.0), buildbot-badges (>=1.7.0 <=1.8.2) +51 more potentially affected by CVE-2026-31899 via cairosvg (>=0.5.0 <=2.8.2)

cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.20.7, =1.0.0b1, =0.0.2, =2025.5.0, =1.0.0, =0.1.0, =1.3.6, =0.2.2, =0.2.32 and more Source cves: CVE-2026-31899 Source advisory: OSV:GHSA-F38F-5XPM-9R7C...

7.5CVSS5.4AI score0.0049EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2026/02/03 12:30 p.m.9 views

Moodle has an authorization logic flaw

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...

9.8CVSS5.3AI score0.00272EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2026/02/03 11:15 a.m.5 views

CVE-2025-67856

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...

9.8CVSS5.8AI score0.00272EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:29 a.m.10 views

CVE-2023-50827

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS.This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8...

5.9CVSS6.5AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:46 a.m.8 views

CVE-2025-23949

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dzeriho Improved Sale Badges – Free Version improved-sale-badges-free-version allows PHP Local File Inclusion.This issue affects Improved Sale Badges – Free Version: from n/a...

8.1CVSS7.2AI score0.00853EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/12/15 11:55 a.m.19 views

A Browser Extension Risk Guide After the ShadyPanda Campaign

In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them r...

6.6AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/12/10 6:30 p.m.7 views

io.jenkins.plugins:coverage-badges-extension (>=157.vf5d725246222 <=197.vb_390173d00ec) potentially affected by CVE-2025-67641 via io.jenkins.plugins:coverage (>=2.1.0 <=2.2941.v08df75b_767f1)

io.jenkins.plugins:coverage MAVEN version =2.1.0, =157.vf5d725246222, =197.vb390173d00ec Source cves: CVE-2025-67641 Source advisory: SNYK:JAVA-IOJENKINSPLUGINS-14383149...

8CVSS5.8AI score0.00262EPSS
Exploits0
Rows per page
Query Builder