Lucene search
K

590 matches found

Cvelist
Cvelist
added 2026/06/19 2:16 p.m.27 views

CVE-2016-20093 Wise Care 365 4.27 and Wise Disk Cleaner 9.29 Unquoted Service Path Privilege Escalation

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...

8.5CVSS0.0012EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 2:16 p.m.11 views

CVE-2016-20093

CVE-2016-20093 affects Wise Care 365 v4.27 and Wise Disk Cleaner v9.29, with unquoted service paths in the WiseBootAssistant and SpyHunter 4 Service. The underlying issue is an unquoted service path, enabling local attackers to execute arbitrary code with SYSTEM privileges by placing a malicious ...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 2:16 p.m.5 views

CVE-2016-20093

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4Affected Software2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in lxml

A XSS vulnerability was discovered in the python-lxml’s clean module versions prior to 4.6.3. When the “safe attrsonly” and “forms” arguments are disabled, the Cleaner class does not remove the “formaction” attribute, allowing JavaScript to bypass the sanitizer. A remote attacker could exploit th...

6.1CVSS6.8AI score0.04002EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in lxml

Lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html allowed certain crafted script content to pass through, as well as script content in SVG files embedded using data URIs. Users who use the HTML Cleaner in a security-related...

8.2CVSS6.4AI score0.02456EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/03 9:0 p.m.6 views

Malicious Package

Overview react-cleaner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/06/01 8:31 a.m.14 views

Your phone called. It needs a cleanup.

Does it sometimes take your phone a few minutes to accomplish one simple task? That can be wildly frustrating. But you’re in luck, because we’ve got a free tool that scans your phone for leftover files, temporary data, outdated caches and helps you clean up all that junk. Introducing our Junk...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

n8n-MCP 安全漏洞

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. Versions of n8n-MCP prior to 2.51.3 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the workflow telemetry cleaner might retain fragments of URL shape node...

6.5CVSS5.8AI score0.00262EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

HAX 安全漏洞

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. Versions of HAX 26.0.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /system/api/saveNode endpoint, which had a storage-oriented cross-site scripting vulnerability. Users with edit...

8.7CVSS5.7AI score0.00228EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Tiny Technologies TinyMCE 跨站脚本漏洞

TinyMCE is a rich text editor developed by Tiny Technologies in the United States. Versions of TinyMCE from 6.8.0 to 7.1.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of SVG namespace scopes by the cleaner tool; it could allow custom payloads...

8.7CVSS5.9AI score0.00191EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 8:37 a.m.13 views

Malicious code in react-cleaner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c3d7a072dc204b4c150fae46302a31dafd46c85518d4ba7128fc7d36bf6a53 [email protected] is a pino-logger impersonator package main is pino.js, homepage https://getpino.io, module layout mirrors pino's lib/ tree that, ...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/05/26 8:37 a.m.17 views

MAL-2026-4791 Malicious code in react-cleaner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11c3d7a072dc204b4c150fae46302a31dafd46c85518d4ba7128fc7d36bf6a53 [email protected] is a pino-logger impersonator package main is pino.js, homepage https://getpino.io, module layout mirrors pino's lib/ tree that, ...

6.1AI score
Exploits0References2
Patchstack
Patchstack
added 2026/05/21 7:13 a.m.10 views

WordPress Advanced Database Cleaner – Premium plugin <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion vulnerability

Authenticated Subscriber+ Local File Inclusion vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin Advanced Database Cleaner – Premium versions = 4.1.0...

8.8CVSS5.8AI score0.00755EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/20 5:16 a.m.16 views

CVE-2026-7522

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS0.00755EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 4:27 a.m.29 views

CVE-2026-7522

The CVE-2026-7522 issue affects the WordPress plugin The Advanced Database Cleaner – Premium, vulnerable in versions up to 4.1.0. The root cause is Local File Inclusion via the template parameter, allowing authenticated users with Subscriber-level access and above to include and execute arbitrary...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/20 4:27 a.m.10 views

CVE-2026-7522 Advanced Database Cleaner – Premium <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion via 'template'

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 4:27 a.m.11 views

CVE-2026-7522

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS6.4AI score0.00755EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/20 4:27 a.m.47 views

CVE-2026-7522 Advanced Database Cleaner – Premium <= 4.1.0 - Authenticated (Subscriber+) Local File Inclusion via 'template'

The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .ph...

8.8CVSS0.00755EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

WordPress plugin Advanced Database Cleaner – Premium 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6AI score0.00755EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

JupyterLab 跨站脚本漏洞

JupyterLab is an open-source extension designed for interactive and reproducible computing environments, based on the Jupyter Notebook framework. Versions of JupyterLab prior to 4.5.7 contained a cross-site scripting vulnerability. This vulnerability stemmed from the HTML cleaner allowing...

8.6CVSS5.8AI score0.00386EPSS
Exploits0References1
Rows per page
Query Builder