Lucene search
K

1315 matches found

The Hacker News
The Hacker News
added yesterday6 views

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades , this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index PyPI registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems...

6.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago4 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.3 Vulnerability Details CVEID:CVE-2026-28498 DESCRIPTION: Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level...

8.7CVSS6.8AI score0.00067EPSS
Exploits5Affected Software1
Nuclei
Nuclei
added 2 days ago10 views

SolarView Compact < 6.00 - Directory Traversal

SolarView Compact before version 6.00 is vulnerable to directory traversal via the file parameter in downloader.php. An unauthenticated attacker can read arbitrary files from the system by using path traversal sequences with a null byte bypass to access sensitive files such as /etc/passwd. id:...

7.5CVSS7.2AI score0.6874EPSS
Exploits1References2
Nuclei
Nuclei
added 2 days ago27 views

WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion

WordPress MDC YouTube Downloader 2.1.0 plugin is susceptible to local file inclusion. A remote attacker can read arbitrary files via a full pathname in the file parameter to includes/download.php. id: CVE-2015-5469 info: name: WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion author:...

7.5CVSS7.4AI score0.4911EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-7158

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validateurlsafe of the file src/mcpurldownloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The attack...

7.5CVSS6.6AI score0.00054EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-5737

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

6.5CVSS5.6AI score0.00054EPSS
Exploits0References1
NVD
NVD
added 6 days ago6 views

CVE-2019-25726

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS0.00072EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago32 views

CVE-2019-25726 All in One Video Downloader 1.2 SQL Injection via admin page-edit

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS0.00072EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-46196

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS6.1AI score0.00072EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.6 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the actor parameter, potentially allowing unauthenticated attackers to execute...

8.8CVSS6.2AI score0.0009EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:27 a.m.7 views

CVE-2026-5737

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

6.5CVSS5.9AI score0.00054EPSS
Exploits0References11
CVE
CVE
added 2026/05/28 3:27 a.m.13 views

CVE-2026-5737

CVE-2026-5737 concerns the Independent Analytics plugin for WordPress, vulnerable through an unauthenticated SSRF in versions up to 2.14.9. A public tracking route at /wp-json/iawp/search accepts attacker-controlled referrer_url values when signatures match, compounded by a scheduled favicon fetc...

6.5CVSS5.9AI score0.00054EPSS
Exploits0References10
EUVD
EUVD
added 2026/05/28 3:27 a.m.8 views

EUVD-2026-32702

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

6.5CVSS5.9AI score0.00054EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/05/27 8:14 p.m.7 views

CVE-2026-9472

A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function downloadmarkdown/listdownloadedfiles/createsubdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotely. T...

6.5CVSS6.3AI score0.00048EPSS
Exploits0References1
NVD
NVD
added 2026/05/25 5:16 p.m.11 views

CVE-2026-9472

A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function downloadmarkdown/listdownloadedfiles/createsubdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotely. T...

6.5CVSS0.00048EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/25 4:0 p.m.22 views

CVE-2026-9472 dazeb markdown-downloader index.ts create_subdirectory path traversal

A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function downloadmarkdown/listdownloadedfiles/createsubdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotely. T...

6.5CVSS0.00048EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/25 4:0 p.m.10 views

EUVD-2026-31704

A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function downloadmarkdown/listdownloadedfiles/createsubdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotely. T...

6.5CVSS6.3AI score0.00048EPSS
Exploits0References5
CVE
CVE
added 2026/05/25 4:0 p.m.16 views

CVE-2026-9472

CVE-2026-9472 affects the dazeb markdown-downloader. A vulnerability exists in the functions download_markdown, list_downloaded_files, and create_subdirectory within src/index.ts, enabling path traversal through input manipulation. The attack could be launched remotely, and an exploit has been pu...

6.5CVSS6.3AI score0.00048EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2026/05/25 3:53 p.m.10 views

USN-8302-1: NLTK vulnerabilities

It was discovered that NLTK incorrectly validated file paths when opening files using the nltk.util module. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-0846 It was discovered that NLTK incorrectly validated file paths in multiple CorpusReader classes. An...

10CVSS7AI score0.00307EPSS
Exploits10
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.11 views

PT-2026-43087

A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af817623af55e3384df5a6a. Affected is the function download markdown/list downloaded files/create subdirectory of the file src/index.ts. Executing a manipulation can lead to path traversal. The attack can be launched remotel...

6.5CVSS6.3AI score0.00048EPSS
Exploits0References5
Rows per page
Query Builder