Lucene search
K

294 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in catch-secure-user-benchmark-scale (npm)

The package catch-secure-user-benchmark-scale was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in bad-catch-stack-compile-query (npm)

The package bad-catch-stack-compile-query was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-16661 Malicious code in catch-secure-user-benchmark-scale (npm)

The package catch-secure-user-benchmark-scale was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-22252 Malicious code in hash-query-string-assert-catch (npm)

The package hash-query-string-assert-catch was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-26435 Malicious code in minify-catch-function-object-epsilon (npm)

The package minify-catch-function-object-epsilon was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/11 1:54 p.m.4 views

BIT-LIBPHP-2024-9026 PHP-FPM logs from children may be altered

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

3.3CVSS7.1AI score0.00482EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/02 1:11 a.m.5 views

Malicious code in log-trap-catch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9dc12c22fb18702b22d35fa127f4f43058dc50f65393e6bbb1d666b48bb7d905 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/06/02 1:11 a.m.1 views

MAL-2025-4627 Malicious code in log-trap-catch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9dc12c22fb18702b22d35fa127f4f43058dc50f65393e6bbb1d666b48bb7d905 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:39 a.m.5 views

CVE-2024-47313

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Catch Base catch-base allows Stored XSS.This issue affects Catch Base: from n/a through = 3.4.6...

5.1CVSS5.9AI score0.00227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:13 a.m.7 views

CVE-2024-31279

Cross-Site Request Forgery CSRF vulnerability in Catch Plugins Generate Child Theme.This issue affects Generate Child Theme: from n/a through 2.0...

5.4CVSS8.6AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:0 a.m.10 views

CVE-2024-47356

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Create create allows Stored XSS.This issue affects Create: from n/a through = 2.9.1...

5.9CVSS5.9AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:21 a.m.18 views

CVE-2024-44010

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Full frame full-frame allows Stored XSS.This issue affects Full frame: from n/a through = 2.7.2...

5.1CVSS5.9AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:5 a.m.5 views

CVE-2024-11427

The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.0044EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:11 p.m.9 views

CVE-2022-39900

Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch...

4.6CVSS6.5AI score0.00127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/06 4:27 p.m.10 views

CVE-2025-32154

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through = 2.0.1...

8.8CVSS7.2AI score0.00891EPSS
Exploits0References1
OSV
OSV
added 2025/04/04 4:15 p.m.2 views

CVE-2025-32154

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Catch Themes Catch Dark Mode allows PHP Local File Inclusion. This issue affects Catch Dark Mode: from n/a through 1.2.1...

8.8CVSS7.3AI score0.00891EPSS
Exploits0References1
NVD
NVD
added 2025/04/04 4:15 p.m.8 views

CVE-2025-32154

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through = 2.0.1...

8.8CVSS0.00891EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/04 3:58 p.m.12 views

CVE-2025-32154 WordPress Catch Dark Mode plugin <= 2.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through = 2.0.1...

7.5CVSS7.3AI score0.00891EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/04 3:58 p.m.15 views

CVE-2025-32154 WordPress Catch Dark Mode plugin <= 2.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through = 2.0.1...

7.5CVSS0.00891EPSS
Exploits0References1
CVE
CVE
added 2025/04/04 3:58 p.m.56 views

CVE-2025-32154

CVE-2025-32154 affects Catch Dark Mode (WordPress plugin) and is an Authenticated Local File Inclusion via improper filename control in PHP include/require. Affected version range is Catch Dark Mode up to 1.2.1. The vulnerability is documented with a high impact (C, I, A) and a network attack vec...

8.8CVSS7.2AI score0.00891EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder