Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/22 4:16 p.m.30 views

CVE-2026-54271 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

8.2CVSS0.00228EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/11 11:59 p.m.7 views

WordPress Mailgun Subscriptions plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Mailgun Subscriptions versions = 1.3.1...

6.4CVSS5.6AI score0.00188EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/10/23 10:31 p.m.5 views

WordPress Time Clock plugin <= 1.3.1 - Authenticated (Custom+) Stored Cross-Site Scripting vulnerability

Authenticated Custom+ Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Time Clock versions = 1.3.1...

6.4CVSS5.5AI score0.00218EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/02/16 7:15 p.m.5 views

AZL-13606 CVE-2023-0475 affecting package terraform for versions less than 1.3.2-22

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

6.5CVSS6.5AI score0.00454EPSS
Exploits0References1
Rows per page
Query Builder