Lucene search
K

7 matches found

OSV
OSV
added 2026/06/13 2:10 a.m.10 views

MAL-2026-5724 Malicious code in warp-dependency (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 493b3ed30d94fb482e4b9c7cf3d328ba9b307f91965783f0024ec7dca1fedb96 [email protected] declares postinstall: node index.js in package.json. The index.js entry point is heavily obfuscated using obfuscator.io-style...

6AI score
Exploits0References2
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.6 views

WordPress plugin Uncanny Automator 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS6.1AI score0.00655EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/05 4:13 p.m.4 views

CVE-2020-37117

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and downloadurl parameters to trigger...

8.8CVSS5.6AI score0.00687EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/05 4:13 p.m.3 views

CVE-2020-37117 jizhiCMS 1.6.7 - Arbitrary File Download

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and downloadurl parameters to trigger...

8.8CVSS5.6AI score0.00687EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/05 4:13 p.m.5 views

EUVD-2020-31049

jizhiCMS 1.6.7 contains a file download vulnerability in the admin plugins update endpoint that allows authenticated administrators to download arbitrary files. Attackers can exploit the vulnerability by sending crafted POST requests with malicious filepath and downloadurl parameters to trigger...

8.8CVSS5.6AI score0.00687EPSS
Exploits1References3
OSV
OSV
added 2024/07/12 12:0 a.m.7 views

OPENSUSE-SU-2024:14126-1 obs-service-download_url-0.2.1-1.1 on GA media

These are all security issues fixed in the obs-service-downloadurl-0.2.1-1.1 package on the GA media of openSUSE Tumbleweed...

6.3CVSS6.5AI score0.00879EPSS
Exploits0References1
Hacker One
Hacker One
added 2016/03/30 2:26 p.m.30 views

Uber: Stored XSS in archive.uber.com Due to Injection of Javascript:alert(0)

archive.uber.com is vulnerable to an XSS due to injection of Javascript:alert0 as the downloadurl or the homepage in the setup.py when generating the .tar.gz. As of PEP 0470, the downloadurl and homepage parameters are depreciated. An example of a setup.py that can exploit this is: python from...

6.3AI score
Exploits0
Rows per page
Query Builder