Lucene search
K

2183 matches found

OSV
OSV
added yesterday4 views

MAL-2026-10467 Malicious code in polymarket-stake-kelly-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01715ebd11c8adf6ac26ce11bc5fc07e6cfb6775fa77dbe1ca022d0d6593b99c [email protected] ships a postinstall script scripts/install-check.cjs referenced by package.json's postinstall hook that on every np...

6.1AI score
Exploits0References2
NVD
NVD
added yesterday3 views

CVE-2026-57422

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Bopo – WooCommerce Product Bundle Builder bopo-woo-product-bundle-builder allows Reflected XSS.This issue affects Bopo – WooCommerce Product Bundle Builder: from n/a through = 1.2.0...

7.1CVSS0.00251EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in @tailwind-ts/eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8feb6293e6f7cb00a6c6ab82e6d04f8eae29e846ae0abb8a1d65e2cdfbbc9c7 Package is published as an ESLint plugin for Tailwind CSS v4, but the shipped code implements unrelated Polymarket Kelly stake math and a postinstall...

6.2AI score
Exploits0References4
OSV
OSV
added yesterday3 views

MAL-2026-10431 Malicious code in @tailwind-ts/eslint-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8feb6293e6f7cb00a6c6ab82e6d04f8eae29e846ae0abb8a1d65e2cdfbbc9c7 Package is published as an ESLint plugin for Tailwind CSS v4, but the shipped code implements unrelated Polymarket Kelly stake math and a postinstall...

6.2AI score
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-57422

CVE-2026-57422 concerns a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Bopo – WooCommerce Product Bundle Builder (bopo-woo-product-bundle-builder). The issue arises from improper input neutralization during web page generation, allowing an attacker to inject script v...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-57422 WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Bopo – WooCommerce Product Bundle Builder bopo-woo-product-bundle-builder allows Reflected XSS.This issue affects Bopo – WooCommerce Product Bundle Builder: from n/a through = 1.2.0...

7.1CVSS0.00251EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57733

Name of the Vulnerable Software and Affected Versions VillaTheme Bopo – WooCommerce Product Bundle Builder versions prior to 1.2.1 Description Reflected Cross-site Scripting XSS occurs due to improper neutralization of input during web page generation. This allows an attacker to execute malicious...

7.1CVSS6.2AI score0.00251EPSS
Exploits0References3
NVD
NVD
added 4 days ago5 views

CVE-2026-55780

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...

2.4CVSS0.00112EPSS
Exploits0References3
CVE
CVE
added 4 days ago8 views

CVE-2026-55780

NanaZip (7‑Zip derivative) prior to version 6.5.1749.0 is vulnerable due to its .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp, which sizes the extraction buffer from the bundle entry Size field without validating against the real file size. This allows an attacker...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References3
OSV
OSV
added 4 days ago3 views

CVE-2026-55780 NanaZip: Uncaught exception / unbounded allocation in NanaZip .NET single-file Extract() via unvalidated entry Size

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References5
NVD
NVD
added 4 days ago7 views

CVE-2026-56254

In @capgo/capacitor-updater Cap-go/capgo before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo...

8.3CVSS0.00151EPSS
Exploits0References2
NVD
NVD
added 5 days ago5 views

CVE-2026-55208

Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 2026.1.6, an authenticated user can extract the admin password hash and other database content through time-based blind SQL injection in the DateFilter column key parameter. The POST...

7.7CVSS0.00249EPSS
Exploits0References5
Patchstack
Patchstack
added 6 days ago6 views

WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by dutafi in WordPress Plugin Bopo – WooCommerce Product Bundle Builder versions = 1.2.0...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
Circl
Circl
added 6 days ago7 views

CVE-2026-54406

creationtimestamp| type| source ---|---|--- 2026-07-08 11:01:21+00:00| seen| https://vulnerability.circl.lu/bundle/ebad18a5-251f-49a4-b877-c63995fd13a6 2026-07-09 20:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mqaif74m6425...

8.7CVSS5.9AI score0.00325EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 3:26 p.m.6 views

GO-2026-5873 Rancher Fleet has SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml in github.com/rancher/fleet

Rancher Fleet has SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml in github.com/rancher/fleet...

5CVSS5.9AI score0.00386EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 9:30 a.m.20 views

CVE-2026-44936

CVE-2026-44936 describes an SSRF risk in SUSE Rancher Fleet’s bundle reader when the helmRepoURLRegex field is not set on a GitRepo. The vulnerability allows forwarding Helm authentication credentials (BasicAuth) to any URL specified in the fleet.yaml helm.repo field, potentially leaking admin cr...

5CVSS6AI score0.00386EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:30 a.m.6 views

CVE-2026-44936

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo...

5CVSS6AI score0.00386EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 9:30 a.m.33 views

CVE-2026-44936 Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo...

5CVSS0.00386EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 3:42 p.m.9 views

GHSA-QH2F-99MV-MRCF OpenClaw: Bundle MCP loopback could miss its exec denylist on session spawn

Summary Bundle MCP loopback could miss its exec denylist on session spawn. In affected versions, a caller that can reach the affected bundled MCP session-spawn path could bypass the denylist that was intended for that loopback MCP entry point. This advisory is scoped to the named feature and...

6.9CVSS6AI score0.00094EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 8:45 p.m.4 views

GHSA-HX4V-CXPF-VH8M Rancher Fleet has SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml

Impact A vulnerability has been identified in Fleet when the helmRepoURLRegex field isn't set on a GitRepo resource. Fleet's bundle reader forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo field of a fleet.yaml file. An attacker with git push access to a...

5CVSS5.8AI score0.00386EPSS
Exploits0References2
Rows per page
Query Builder