Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/22 4:16 p.m.33 views

CVE-2026-54271 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

8.2CVSS0.00228EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/10/06 10:31 p.m.5 views

WordPress Ultimate Addons for Elementor Lite plugin < 2.5.0 - Author+ Stored XSS vulnerability

Author+ Stored XSS vulnerability discovered by Tony in WordPress Plugin Ultimate Addons for Elementor - Lite versions 2.5.0...

4.3CVSS6AI score0.00165EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/08/30 12:2 a.m.5 views

WordPress Ocean Extra plugin <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via oceanwp_library Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via oceanwplibrary Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ocean Extra versions = 2.4.9...

6.4CVSS5.6AI score0.00232EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/06/19 1:15 a.m.5 views

AZL-64170 CVE-2025-50181 affecting package python-urllib3 for versions less than 1.26.19-2

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attemptin...

6.1CVSS6.5AI score0.00409EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2018/12/21 5:48 p.m.31 views

Directory Traversal vulnerability in Square Retrofit

Square Retrofit versions from including 2.0 to 2.5.0 excluding contain a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter. By manipulating the URL an attacker could add or delete resources otherwise unavailable to her. This attack appears to be exploitable via an...

7.5CVSS3.7AI score0.04033EPSS
Exploits1References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/04/02 5:29 p.m.4 views

CVE-2018-9127

Botan 2.2.0 - 2.4.0 fixed in 2.5.0 improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must alrea...

9.8CVSS5.6AI score0.00963EPSS
Exploits0References2
Rows per page
Query Builder