Lucene search
+L

44 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/16 9:47 a.m.8 views

Malicious code in business-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cf2ae4dcc02b71af0e0b806893b36de2c89d775c82272eea71c6d87ac37f1f3 The package business-data was found to contain malicious code...

5.7AI score
Exploits0
OSV
OSV
added 2026/04/16 9:47 a.m.6 views

MAL-2026-2737 Malicious code in business-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0cf2ae4dcc02b71af0e0b806893b36de2c89d775c82272eea71c6d87ac37f1f3 The package business-data was found to contain malicious code...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/13 11:25 a.m.10 views

Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History

Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters ID: jkphinfhmfkckkcnifhjiplhfoiefffl, is marketed as a way to scrape Meta...

6AI score
Exploits0
CVE
CVE
added 2026/02/04 7:59 p.m.34 views

CVE-2026-25514

FacturaScripts (open-source ERP) contains a SQL injection in the autocomplete action via CodeModel::all() where user-controlled values are concatenated into SQL. Affected versions are prior to 2025.81; authenticated attackers can extract data including credentials, configuration, and business dat...

8.8CVSS5.6AI score0.00473EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2026/02/04 7:59 p.m.32 views

CVE-2026-25514 FacturaScripts has SQL Injection vulnerability in Autocomplete Actions

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...

8.7CVSS0.00473EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2025/12/20 7:11 a.m.14 views

CVE-2025-13754

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.16. This is due to the plugin exposing its admin embed endpoint at /wp-json/ssa/v1/embed-inner-admin without...

5.3CVSS5.9AI score0.0032EPSS
Exploits0References1
NVD
NVD
added 2025/11/25 8:15 a.m.11 views

CVE-2025-13414

The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...

5.3CVSS0.00245EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/25 7:28 a.m.6 views

CVE-2025-13414 Chamber Dashboard Business Directory <= 3.3.11 - Missing Authorization to Unauthenticated Business Information Export

The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to unauthorized data export due to a missing capability check on the cdashwatchforexport function in all versions up to, and including, 3.3.11. This makes it possible for unauthenticated attackers to export business...

5.3CVSS4.9AI score0.00245EPSS
Exploits0References3
CNVD
CNVD
added 2025/11/18 12:0 a.m.3 views

WordPress Welcart e-Commerce Plugin Unauthorized Access Vulnerability

WordPress Welcart e-Commerce Plugin is an e-commerce plugin designed for WordPress to build and manage online stores. WordPress Welcart e-Commerce Plugin suffers from an unauthorized access vulnerability that stems from a lack of capability checking in the uscesexport operation, which can be...

5.3CVSS6.7AI score0.00233EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.5 views

WordPress plugin Welcart e-Commerce 安全漏洞

WordPress Welcart e-Commerce Plugin is an e-commerce plugin designed for WordPress to build and manage online stores. WordPress Welcart e-Commerce Plugin suffers from an unauthorized access vulnerability that stems from a lack of capability checking in the uscesexport operation, which can be...

5.3CVSS6.3AI score0.00233EPSS
Exploits0References2
NVD
NVD
added 2025/10/22 9:15 a.m.6 views

CVE-2025-11870

The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...

6.4CVSS0.00176EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/22 8:27 a.m.4 views

EUVD-2025-35332

The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...

6.4CVSS4.6AI score0.00176EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/22 8:27 a.m.4 views

CVE-2025-11870 Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...

6.4CVSS4.7AI score0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/22 8:27 a.m.19 views

CVE-2025-11870 Simple Business Data <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Simple Business Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'simplebusinessdata' shortcode attributes in all versions up to, and including, 1.0.1. This is due to the plugin not properly sanitizing user input or escaping output when embedding the type attribute...

6.4CVSS0.00176EPSS
Exploits0References2
CVE
CVE
added 2025/10/22 8:27 a.m.22 views

CVE-2025-11870

CVE-2025-11870: The Simple Business Data WordPress plugin (simple-business-data) is vulnerable to stored XSS in all versions up to 1.0.1 via the simple_business_data shortcode attributes, where unsanitized input is embedded into the class attribute of rendered HTML. Exploitation requires contribu...

6.4CVSS4.7AI score0.00176EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.5 views

WordPress plugin Simple Business Data 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.9AI score0.00176EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/10/21 11:53 p.m.6 views

WordPress Simple Business Data plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Simple Business Data versions = 1.0.1...

6.4CVSS5.7AI score0.00176EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/23 10:39 a.m.2 views

CVE-2024-4598 Information Disclosure in Multiple WSO2 Products Due to Improper Handling in Enrich Mediator

An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between...

6.5CVSS5.8AI score0.00299EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/23 12:0 a.m.4 views

PT-2025-39161

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description An information disclosure issue exists due to an improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation...

6.5CVSS6AI score0.00299EPSS
Exploits0References6
Microsoft KB
Microsoft KB
added 2025/08/12 7:0 a.m.13 views

Description of the security update for SharePoint Server 2019: August 12, 2025 (KB5002769)

None None...

8.8CVSS6.8AI score0.1831EPSS
Exploits0
Rows per page
Query Builder