Lucene search
+L

12682 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago7 views

Malicious code in salesforce-vscode-slds (npm)

The salesforce-vscode-slds package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in chat-adapter-zoom (npm)

The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...

6.1AI score
Exploits0References3
Circl
Circl
added 2026/07/11 7:32 a.m.8 views

CVE-2026-15155

creationtimestamp| type| source ---|---|--- 2026-07-11 07:32:48+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5imu2qi2e 2026-07-11 07:59:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqe6xqk3ap2g 2026-07-11 08:00:32+00:00| seen|...

8.8CVSS6.1AI score0.00367EPSS
Exploits0References5
Nuclei
Nuclei
added 2026/07/11 12:22 a.m.28 views

Apache ActiveMQ - Remote Code Execution

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.2AI score0.96666EPSS
Exploits14References3
Metasploit
Metasploit
added 2026/07/10 7:2 p.m.17 views

FTP Fetch, Linux Command Shell, Bind TCP Random Port Inline

Fetch and execute an x64 payload from an FTP server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options This module requires Metasploit: https://metasploit.com/download Current source:...

6.2AI score
Exploits0
Circl
Circl
added 2026/07/10 12:34 p.m.8 views

CVE-2026-56688

creationtimestamp| type| source ---|---|--- 2026-07-10 12:34:10+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116895701434331747 2026-07-10 12:58:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqc77o3vm427 2026-07-10 13:12:04+00:00| seen|...

9.1CVSS6.1AI score0.01285EPSS
Exploits0References11
Circl
Circl
added 2026/07/10 11:18 a.m.8 views

CVE-2026-40009

creationtimestamp| type| source ---|---|--- 2026-07-10 11:18:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbznn7c7g26 2026-07-10 12:15:29+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-40009 2026-07-10 13:25:26+00:00| seen|...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/07/10 6:40 a.m.5 views

WordPress All-in-One Video Gallery plugin <= 4.8.5 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by KoreaInfoSec - Korea University in WordPress Plugin All-in-One Video Gallery versions = 4.8.5...

6.4CVSS6.1AI score0.00246EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2026/07/10 5:16 a.m.8 views

CVE-2026-15282

creationtimestamp| type| source ---|---|--- 2026-07-10 05:16:07+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqbffamohv2z 2026-07-11 00:00:32+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqde7qogx42j 2026-07-13 01:01:18+00:00| seen|...

9.8CVSS4.8AI score0.00744EPSS
Exploits1References4
Patchstack
Patchstack
added 2026/07/09 8:55 p.m.5 views

WordPress Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin <= 1.24.1 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Mail Mint versions = 1.24.1...

4.9CVSS6.1AI score0.00319EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/07/09 1:58 p.m.5 views

WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by VanTastic in WordPress Plugin AIWU versions = 1.5.4...

9.3CVSS6.1AI score0.0025EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/09 1:24 p.m.8 views

WordPress Aimogen Pro plugin <= 2.8.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Aimogen Pro versions = 2.8.3...

10CVSS6.1AI score0.00358EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 2:1 p.m.5 views

WordPress ProfileGrid plugin <= 5.9.9.6 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin ProfileGrid versions = 5.9.9.6...

7.5CVSS6.1AI score0.00329EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/07/07 8:56 p.m.5 views

Server-side Request Forgery (SSRF)

Overview @better-auth/sso is a SSO plugin for Better Auth Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /sso/register and POST /sso/update-provider endpoints when attacker-controlled OIDC endpoint URLs are accepted without proper validation if...

9.6CVSS6.2AI score0.00252EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/07/07 8:56 p.m.7 views

@better-auth/sso provider registration has server-side request forgery via unvalidated OIDC endpoints

Am I affected? Users are affected if all of the following are true: - Their application uses @better-auth/sso at a version = 0.1.0, 1.6.11 on the stable line, or any 1.7.0-beta.x on the pre-release line. - The sso plugin is added to their application's betterAuth plugins: ... array. - Any user wi...

9.6CVSS6.1AI score0.00252EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/07 7:27 p.m.5 views

CVE-2026-58468 NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.5CVSS6.1AI score0.002EPSS
Exploits0References4
CVE
CVE
added 2026/07/07 7:27 p.m.10 views

CVE-2026-58468

NocoBase up to version 2.1.20 is affected by a server-side request forgery via the serverRequest wrapper. Authenticated administrators can craft arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Exploitation ta...

5.5CVSS6.1AI score0.002EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 7:27 p.m.2 views

CVE-2026-58468 NocoBase 2.1.20 Server-Side Request Forgery via serverRequest wrapper

NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin...

5.1CVSS6.2AI score0.002EPSS
Exploits0References7
Snyk
Snyk
added 2026/07/07 3:26 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the OIDC discovery process. An attacker can cause the service to follow malicious redirects, leading to server-side request forgery and potential exposure of Kubernetes service-account tokens by...

8.2CVSS6.1AI score
Exploits0References3
OSV
OSV
added 2026/07/07 3:26 p.m.7 views

GO-2026-5853 Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage in github.com/sigstore/fulcio

Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage in github.com/sigstore/fulcio...

5.9AI score
Exploits0References1
Rows per page
Query Builder