Lucene search
K

29988 matches found

CVE
CVE
added 1 hour ago7 views

CVE-2026-15043

DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the ismatched method, = was evaluated using Perl's le operator...

6.1AI score
Exploits0References2
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-43626

The AI Engine WordPress plugin before 3.5.5 does not sanitize a user-supplied filename before using it to write a downloaded file, allowing authenticated users with editor-level access to write attacker-controlled bytes to an arbitrary location on the server via path traversal...

6.2AI score
Exploits0References1
CVE
CVE
added 5 hours ago7 views

CVE-2026-12511

CVE-2026-12511 affects the AI Engine WordPress plugin prior to 3.5.5. The flaw occurs when a user-supplied filename used for a downloaded file is not sanitized, enabling authenticated users with editor-level access to perform path traversal and write attacker-controlled bytes to an arbitrary loca...

6.2AI score
Exploits0References1
OSV
OSV
added yesterday3 views

MAL-2026-10474 Malicious code in @dervix/engine.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 118dd8f5224b1dcccddf25d74c6c9fe3543b444173ea293dafa28154e82689d5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday2 views

Malicious code in @dervix/engine.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 118dd8f5224b1dcccddf25d74c6c9fe3543b444173ea293dafa28154e82689d5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References7
OSV
OSV
added yesterday3 views

MAL-2026-10476 Malicious code in @gleamkit/engine.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 008464ca4d7ba15b4b8c6d3a979586c61bd527aef3a209571d28c0ba912403ae The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in @gleamkit/engine.io (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 008464ca4d7ba15b4b8c6d3a979586c61bd527aef3a209571d28c0ba912403ae The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References4
Nuclei
Nuclei
added yesterday145 views

Nodejs Squirrelly - Remote Code Execution

Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...

8.8CVSS7.4AI score0.59844EPSS
Exploits2
Nuclei
Nuclei
added yesterday25 views

WordPress AI Engine Plugin - Token Exposure

Unauthenticated sensitive information exposure in AI Engine WordPress plugin = 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled. id: CVE-2025-11749 info: name: WordPress AI Engine Plugin - Token Exposure author: 4m3rr0r severity: critical description: | Unauthenticat...

9.8CVSS7AI score0.75063EPSS
Exploits5References2
Nuclei
Nuclei
added yesterday116 views

Jordy Meow AI Engine - Unrestricted File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine- ChatGPT Chatbot.This issue affects AI Engine- ChatGPT Chatbot- from n/a through 1.9.98. id: CVE-2023-51409 info: name: Jordy Meow AI Engine - Unrestricted File Upload author: pussycat0x severity: critical...

10CVSS7AI score0.65046EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday7 views

WP Travel Engine <= 5.7.9 - SQL Injection

WP Travel Engine 5.7.9 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2024-30502 info: name: WP Travel Engine = 5.7.9 - SQL Injection...

9.8CVSS7.2AI score0.02267EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday36 views

Autonomy Ultraseek - Open Redirect

Open redirect vulnerability in cs.html in the Autonomy formerly Verity Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. id: CVE-2009-0347 info: name: Autonomy Ultraseek - Open Redirect author: ctflearner...

5.8CVSS6.2AI score0.10257EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday123 views

Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal

Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API. id: CVE-2018-19365 info: name: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal author: 0xAkoko severity: critical...

9.1CVSS7AI score0.22292EPSS
Exploits1References4
NVD
NVD
added 2 days ago6 views

CVE-2026-56281

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS0.00197EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

CVE-2026-56281 Capgo - SQL Injection via Unvalidated limit Parameter in Admin Stats Endpoint

Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/adminstats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directly into Cloudflare Analytics Engine SQL queries via template literals. An attacker with platform adm...

5.1CVSS6.1AI score0.00197EPSS
Exploits0References4
Fedora
Fedora
added 2 days ago8 views

[SECURITY] Fedora 44 Update: webkitgtk-2.52.5-1.fc44

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...

8.8CVSS7AI score0.72648EPSS
Exploits16
NVD
NVD
added 3 days ago8 views

CVE-2025-6784

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated...

8.8CVSS0.00483EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago8 views

EUVD-2025-210455

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated...

8.8CVSS6.3AI score0.00483EPSS
Exploits0References2
CVE
CVE
added 3 days ago16 views

CVE-2025-6784

CVE-2025-6784 affects the WordPress Code Engine plugin (versions up to 0.3.5). It allows Remote Code Execution via the 'code-engine' shortcode because access to the plugin’s code-injecting functionality is not restricted. Authenticated users with Contributor-level access and above can execute cod...

8.8CVSS6.3AI score0.00483EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2025-6784 Code Engine <= 0.3.5 - Authenticated (Contributor+) Remote Code Execution

The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 0.3.5 via the 'code-engine' shortcode. This is due to the plugin not restricting access to the code injecting functionality of the plugin. This makes it possible for authenticated...

8.8CVSS0.00483EPSS
Exploits0References2
Rows per page
Query Builder