Lucene search
+L

606 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 5:31 a.m.14 views

CVE-2026-8787

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...

6AI score0.00283EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/05/27 5:31 a.m.36 views

CVE-2026-8787

The CVE applies to the WordPress plugin Firebase Support & Chat Management (up to version 3.1.1 ). The root cause is in the firebase_auth() function, which authenticates using the target WordPress user’s email supplied in the user_email POST parameter without verifying ownership or issuing a vali...

8.8CVSS6AI score0.00283EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.39 views

CVE-2026-8787 Firebase Support & Chat Management <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...

8.8CVSS0.00283EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

WordPress plugin Firebase Support & Chat Management 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS5.9AI score0.00283EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-43507

Name of the Vulnerable Software and Affected Versions Firebase Support & Chat Management plugin for WordPress versions prior to 3.1.2 Description An issue allows authenticated attackers with Subscriber-level access or higher to escalate privileges and achieve full account takeover. The firebase...

8.8CVSS5.8AI score0.00283EPSS
Exploits0References8
OSV
OSV
added 2026/05/21 3:51 p.m.12 views

MAL-2026-4509 Malicious code in celonix-otp-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df58532b5edb3f7a5ad9734a7f4fa46f062c0f220d578db42a223188d078d9bb The package presents itself as a React OTP component, but its only exported widget hardcodes a single Firebase Realtime Database URL...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:28 a.m.12 views

Malicious code in @ikyyofc/gemini-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5793a1cde3de83b8c15b49a0f9981d72fbf431067a4416ce6b2bd5650ea4a4d6 @ikyyofc/[email protected] ships two heavily obfuscated modules src/gemini.js and src/utils/proxy.js wrapped in an obfuscator.io-style string-array +...

5.8AI score
Exploits0References17
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 8:37 p.m.16 views

Malicious code in nebulix-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ea83117b0ae362a2b55ad581d69b3600c81b78d2e90c19bb1ea9eea2266a4c The package's documented NebulixEngine.chat API hardcodes two Firebase Realtime Database URLs owned by the author...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/19 8:37 p.m.15 views

MAL-2026-4758 Malicious code in nebulix-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ea83117b0ae362a2b55ad581d69b3600c81b78d2e90c19bb1ea9eea2266a4c The package's documented NebulixEngine.chat API hardcodes two Firebase Realtime Database URLs owned by the author...

5.8AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/13 5:22 p.m.8 views

10minions-engine (>=0.0.1 <=0.0.4), @0xr404/lol404 (>=1.1.0 <=1.1.6) +3276 more potentially affected by CVE-2026-45740 via protobufjs (>=7.0.0 <=7.5.6)

protobufjs NPM version =7.0.0, =0.0.1, =1.1.0, =1.0.1-beta.0, =0.0.2-beta.0, =1.0.0, =1.5.10, =0.10.1, =1.1.0, =6.0.0, =2.0.2, =3.3.2 and more Source cves: CVE-2026-45740 Source advisory: SNYK:JS-PROTOBUFJS-16657755...

7.5CVSS5.7AI score0.00263EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 3:6 p.m.9 views

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44295 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44295 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643443...

8.7CVSS5.8AI score0.00395EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 3:1 p.m.17 views

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44292 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44292 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643320...

5.3CVSS5.8AI score0.00264EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 3:1 p.m.6 views

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44290 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44290 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643420...

7.5CVSS5.8AI score0.00374EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 3:0 p.m.6 views

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44288 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44288 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643235...

5.3CVSS5.8AI score0.00301EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:44 a.m.18 views

Malicious code in 66o (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy index.js:36-73 that intercepts console.error/info/warn calls anywhere in the hos...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/12 7:44 a.m.8 views

MAL-2026-3674 Malicious code in 66o (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3ba0e9f968d627812a2a4efbb8631d3400b6c19692c7668c8e511e2808aaa62 On require, index.js replaces the global console object with a Proxy index.js:36-73 that intercepts console.error/info/warn calls anywhere in the hos...

5.8AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:44 a.m.16 views

Malicious code in 6cc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4956159952af1b6af08b70ab219d7827988fae1fd82994f29090a1f2bf299094 index.js executes on require as an IIFE that reassigns console.warn/error and adds console.SL/FB/N to forward arguments via fetch to a hardcoded...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/12 7:44 a.m.8 views

MAL-2026-3675 Malicious code in 6cc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4956159952af1b6af08b70ab219d7827988fae1fd82994f29090a1f2bf299094 index.js executes on require as an IIFE that reassigns console.warn/error and adds console.SL/FB/N to forward arguments via fetch to a hardcoded...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 7:43 a.m.18 views

Malicious code in 8q (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a10addd46910ba157e59c0c301c15ea56de73adb23c4d3422520b67876cdc0e The package's declared main entry router.js is an IIFE that runs the moment an installer's code executes require'8q' or import '8q'. On load it...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/12 7:43 a.m.6 views

MAL-2026-3678 Malicious code in 8q (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1a10addd46910ba157e59c0c301c15ea56de73adb23c4d3422520b67876cdc0e The package's declared main entry router.js is an IIFE that runs the moment an installer's code executes require'8q' or import '8q'. On load it...

5.9AI score
Exploits0References1
Rows per page
Query Builder