OSV
added 2 days ago, 3 views

MAL-2026-6587 Malicious code in clob-client-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e5d9d8399e2b05081019def33eac48372a162c8c9a069c26d4225285ffe0a18 On npm install, the package's postinstall script fetches a JSON config from datasecure-service.vercel.app/config/clob-math.json, downloads a tarball...

6.2 AI score
Exploits: 0, References: 1
NVD
added 2 days ago, 7 views

CVE-2026-9676

The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce verification on one of its AJAX actions, allowing authenticated users with Subscriber-level access and above to modify the parent and menu order of arbitrary posts...

4.3 CVSS, 0.00102 EPSS
Exploits: 0, References: 1
NVD
added 2 days ago, 6 views

CVE-2026-10083

The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in an admin-area page, leading to a Stored Cross-Site Scripting vulnerability. When a persistent object cache is enabled, cache keys derived from unsanitised user input e.g. a transient nam...

7.5 CVSS, 0.00204 EPSS
Exploits: 0, References: 1
F5 Networks
added 2 days ago, 5 views

K000161952: Multiple Linux kernel vulnerabilities CVE-2026-23347, CVE-2026-23356, CVE-2026-23357, CVE-2026-23364 and CVE-2026-23365

Security Advisory Description CVE-2026-23347 In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it...

7.4 CVSS, 5.8 AI score, 0.00392 EPSS
Exploits: 0
EUVD
added 2 days ago, 7 views

EUVD-2026-40046

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

7.5 CVSS, 6.7 AI score, 0.00383 EPSS
Exploits: 0, References: 5
ATTACKERKB
added 2 days ago, 5 views

CVE-2026-13546

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

7.5 CVSS, 5.5 AI score, 0.00383 EPSS
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2 days ago, 31 views

CVE-2026-13546 Feehi CMS REST API Endpoint articles missing authentication

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

7.5 CVSS, 0.00383 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2 days ago, 4 views

CVE-2026-13546 Feehi CMS REST API Endpoint articles missing authentication

A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the file /api/articles of the component REST API Endpoint. Performing a manipulation results in missing authentication. The attack may be initiated remotely. The exploit has been made public and could b...

7.5 CVSS, 6.7 AI score, 0.00383 EPSS
Exploits: 0, References: 5
CVE
added 2 days ago, 11 views

CVE-2026-13546

CVE-2026-13546 affects Feehi CMS up to version 2.1.1. The vulnerability targets the REST API Endpoint, specifically the unknown code in the file /api/articles, where manipulation results in missing authentication. Attack would be remote, and the exploit has been made public. The project was infor...

7.5 CVSS, 6.7 AI score, 0.00383 EPSS
Exploits: 0, References: 5
OSSF Malicious Packages
added 2 days ago, 4 views

Malicious code in ledgerflow-deploy-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f0097d19be676ac30ff79dffcff38f128873c80115a8a150c3eceff0422aa93 On npm install, the package's postinstall script queries the AWS instance metadata service IMDSv1 at 169.254.169.254 for the attached IAM role and...

5.8 AI score
Exploits: 0, References: 1
OSV
added 2 days ago, 4 views

MAL-2026-6591 Malicious code in ledgerflow-deploy-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f0097d19be676ac30ff79dffcff38f128873c80115a8a150c3eceff0422aa93 On npm install, the package's postinstall script queries the AWS instance metadata service IMDSv1 at 169.254.169.254 for the attached IAM role and...

5.8 AI score
Exploits: 0, References: 1
F5 Networks
added 2 days ago, 5 views

K000161950: Spring AI vulnerability CVE-2026-22738

Security Advisory Description In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied...

9.8 CVSS, 6 AI score, 0.00821 EPSS
Exploits: 0
The Hacker News
added 2 days ago, 14 views

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and includin...

9.8 CVSS, 7.8 AI score, 0.00922 EPSS
Exploits: 8
GithubExploit
added 2 days ago, 27 views

Exploit for Code Injection in Grafana

CVE-2024-9264 CVE-2024-9264 Vulnerability Lab Report 1. Vulnerability Summary | Item...

9.9 CVSS, 5.9 AI score, 0.97781 EPSS
Exploits: 10
OSV
added 2 days ago, 5 views

MAL-2026-6580 Malicious code in loadutils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f1f1f6292d782062f6fff1f7422d9f1dc0eb1572e4372d6c0d574ccea3ab3a Package loadutils is a typosquat of the widely-used webpack helper loader-utils. The shipped README documents the loader-utils API urlToRequest,...

5.8 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2 days ago, 9 views

Malicious code in loadutils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31f1f1f6292d782062f6fff1f7422d9f1dc0eb1572e4372d6c0d574ccea3ab3a Package loadutils is a typosquat of the widely-used webpack helper loader-utils. The shipped README documents the loader-utils API urlToRequest,...

5.8 AI score
Exploits: 0, References: 1
OSV
added 2 days ago, 6 views

MAL-2026-6578 Malicious code in layerd-unit-codec-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e27d4511e4a3f335712736eebef6cf8e55e3f1bccbb13ded2fcef675622e58e1 Package is published as layerd-unit-codec-parser but its README, install instructions, and example imports present it as...

5.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2 days ago, 6 views

Malicious code in layerd-unit-codec-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e27d4511e4a3f335712736eebef6cf8e55e3f1bccbb13ded2fcef675622e58e1 Package is published as layerd-unit-codec-parser but its README, install instructions, and example imports present it as...

5.9 AI score
Exploits: 0, References: 1
F5 Networks
added 2 days ago, 9 views

K000161947: Cross-site scripting (XSS) vulnerability in Grafana CVE-2025-4123

Security Advisory Description A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does...

7.6 CVSS, 7.5 AI score, 0.97809 EPSS
Exploits: 6
OSSF Malicious Packages
added 2 days ago, 7 views

Malicious code in pino-debugging (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f34694171d099a29f77430359b02afb82c2333967feb1ec6e0bd845b98244b9 Package name impersonates the legitimate pino-debug. The main entry index.js requires a transitive dependency 'loadutils' that pulls a further...

5.8 AI score
Exploits: 0, References: 2