Lucene search
K

4464 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 4:7 p.m.14 views

Malicious code in @0xlr/stripe-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eda7bf8681a6253ffc4bc965888e45c5374e4ba8d4fe2e17efcd0f227d7ce5e On npm install, postinstall.js enumerates every entry in process.env sorted, bundles it with hostname, username, homedir, cwd, argv, and platform/arc...

5.5AI score
Exploits0References1
NVD
NVD
added 2026/06/09 11:16 a.m.11 views

CVE-2026-49740

TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sysregistry database table could inject a crafted serialized...

6.3CVSS0.00215EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 11:16 a.m.12 views

CVE-2026-47348

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

5.1CVSS0.00269EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:53 a.m.9 views

CVE-2026-49740 TYPO3 CMS - Insecure Deserialization in Core API

TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sysregistry database table could inject a crafted serialized...

6.3CVSS5.8AI score0.00215EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:51 a.m.7 views

CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

5.1CVSS5.5AI score0.00269EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 9:28 a.m.14 views

EUVD-2026-35388

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the usersubscriptioncancel function in all versions up to, and including, 4.3.2. Thi...

4.3CVSS5.5AI score0.00153EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 a.m.14 views

CVE-2026-11490

A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

7.5CVSS7AI score0.0029EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 6:0 a.m.27 views

CVE-2026-8981

The CVE describes a vulnerability in the WordPress plugin Custom Block Builder (Lazy Blocks) prior to version 4.3.0 . The issue arises because the plugin does not consistently check the unfiltered_html capability across all code paths that write to its block template fields, enabling an administr...

3.5CVSS5.7AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

TYPO3 CMS 代码问题漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Code vulnerabilities existed in versions prior to TYPO3 CMS 10.4.57, as well as in versions 11.0.0 to 11.5.51, 12.0.0 to 12.4.46, 13.0.0 to 13.4.31, and 14.0.0 to 14.3.3. These vulnerabilities stemmed from...

6.3CVSS6.4AI score0.00215EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

WordPress plugin User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.4AI score0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47747

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.51 TYPO3 CMS versions 12.0.0 through 12.4.46 TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description The cache frontend...

6.3CVSS5.5AI score0.00215EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/06/08 8:48 p.m.12 views

WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.3.2 - Missing Authorization to Authenticated (Subscriber+) Subscription Pack Cancellation vulnerability

Missing Authorization to Authenticated Subscriber+ Subscription Pack Cancellation vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WP User Frontend versions = 4.3.2...

4.3CVSS5.5AI score0.00153EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 5:0 a.m.7 views

CVE-2026-11490

A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

7.5CVSS7AI score0.0029EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 5:0 a.m.8 views

CVE-2026-11490 code-projects Online Music Site Search.php sql injection

A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

7.5CVSS7AI score0.0029EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 5:0 a.m.15 views

EUVD-2026-35021

A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

7.5CVSS7AI score0.0029EPSS
Exploits0References6
CVE
CVE
added 2026/06/08 5:0 a.m.26 views

CVE-2026-11490

CVE-2026-11490 affects code-projects Online Music Site 1.0. A vulnerability in processing the Category argument in /Frontend/Search.php enables SQL injection. Exploitation can be performed remotely, and public disclosure of the exploit is noted in the sources. Connected documents (Attackerkb and ...

7.5CVSS7AI score0.0029EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

Code-Projects Online Music Site 注入漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of the Code-Projects Online Music Site has a vulnerability due to incorrect handling of the Category parameter in the file/Frontend/Search.php, which may lead to SQL injection attacks...

7.5CVSS7.5AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.15 views

CVE-2026-7047

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funpajaxmodifynotes function. This makes it possible for unauthenticated attackers to trick a logged-in...

4.3CVSS5.3AI score0.00132EPSS
Exploits0References1
NVD
NVD
added 2026/06/06 5:16 a.m.15 views

CVE-2026-9829

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00325EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/06/06 4:28 a.m.11 views

CVE-2026-9829 Photo Gallery by 10Web <= 1.8.41 - Authenticated (Contributor+) SQL Injection via 'compact_album_order_by' Shortcode Parameter

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS5.8AI score0.00325EPSS
Exploits0References12
Rows per page
Query Builder