Lucene search
K

75997 matches found

The Hacker News
The Hacker News
added 5 hours ago5 views

Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

xAI's Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured one of those uploads, cloned the git bundle o...

6.2AI score
Exploits0
Nuclei
Nuclei
added 7 hours ago95 views

WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting

WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the 1 lat Latitude, 2 long Longitude, 3 mapwidth, 4 mapheight, or 5 zoom Map Zoom parameters i...

6.8CVSS6AI score0.03831EPSS
Exploits2References5
Nuclei
Nuclei
added 7 hours ago51 views

Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting

The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues. id: CVE-2017-18557 info: name: Google Maps by BestWebSoft 1.3.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues...

6.1CVSS6.4AI score0.01384EPSS
Exploits1References4
Nuclei
Nuclei
added 7 hours ago34 views

Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting

The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues. id: CVE-2017-18556 info: name: Google Analytics by BestWebSoft 1.7.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-google-analytics plugin before 1.7.1 for WordPress has...

6.1CVSS6.4AI score0.01384EPSS
Exploits1References4
Nuclei
Nuclei
added 7 hours ago8 views

WordPress Google Map Professional - Cross-Site Scripting

WordPress Google Map Professional Map In Your Language plugin through 1.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such ...

6.1CVSS7AI score0.00565EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago17 views

Google ADK-Python - Unauthenticated Builder Endpoint

Google Agent Development Kit ADK 1.7.0 through 1.28.1 and 2.0.0a1 through 2.0.0a2 on Python OSS, Cloud Run, and GKE contains a code injection and missing authentication vulnerability, letting unauthenticated remote attackers execute arbitrary code on the server, exploit requires no authentication...

10CVSS6.4AI score0.01816EPSS
Exploits0References1
Nuclei
Nuclei
added 7 hours ago43 views

WP Go Maps <= 9.0.29 - Cross-Site Scripting

WP Go Maps formerly WP Google Maps plugin for WordPress versions before 9.0.30 is vulnerable to Reflected Cross-Site Scripting via the 'mapid' parameter in the admin map edit page. id: CVE-2024-29931 info: name: WP Go Maps = 9.0.29 - Cross-Site Scripting author: Shivam Kamboj severity: medium...

7.1CVSS7AI score0.00753EPSS
Exploits0References3
Nuclei
Nuclei
added 7 hours ago69 views

WP Google Maps < 7.10.43 - Cross-Site Scripting

The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATHINFO. id: CVE-2019-9912 info: name: WP Google Maps 7.10.43 - Cross-Site Scripting author: ritikchaddha severity: medium description: | The wp-google-maps plugin before 7.10.43 for WordPress has XSS via t...

6.1CVSS6.4AI score0.03028EPSS
Exploits1References3
Nuclei
Nuclei
added 7 hours ago98 views

Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

5.3CVSS7AI score0.00879EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago16 views

WP Google Maps < 9.0.48 - Cross-Site Scripting

WP Google Maps WordPress plugin 9.0.48 contains a stored XSS vulnerability caused by unsanitized user input in AJAX actions, letting unauthenticated attackers execute scripts via stored payloads. id: CVE-2025-11307 info: name: WP Google Maps 9.0.48 - Cross-Site Scripting author: 0xAkoko severity:...

8.8CVSS6.2AI score0.01873EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago11 views

WordPress 10Web Map Builder < 1.0.73 - Unauthenticated SQL Injection

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection id: CVE-2023-0037 info: name: WordPress 10Web Map...

9.8CVSS7.1AI score0.03911EPSS
Exploits2References3
Nuclei
Nuclei
added 7 hours ago63 views

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

7.5CVSS6.1AI score0.02362EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago79 views

Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints

The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as movi...

9.8CVSS7AI score0.06399EPSS
Exploits0References2
CVE
CVE
added yesterday27 views

CVE-2026-14934

CVE-2026-14934 affects Google Cloud BigQuery, Dataform and Colab Enterprise repository creation functionality. A Missing Authorization flaw in versions from October 2025 through May 10, 2026 allows an authenticated attacker to escalate privileges and perform cross-tenant repository takeover. The ...

9.4CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added yesterday193 views

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

9.8CVSS7.4AI score0.74519EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago6 views

Malicious code in google-caja-bower (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e34339f1be6afb8a41b6dbe2f7d7c480d5a438a67ff119b235d1d98ffa2b2e4a [email protected] declares scripts.preinstall = 'node index.js', so index.js runs automatically on npm install. index.js walks the...

6.1AI score
Exploits0References8
NVD
NVD
added 3 days ago6 views

CVE-2026-11591

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

4.4CVSS0.00251EPSS
Exploits0References10
CVE
CVE
added 3 days ago14 views

CVE-2026-11591

CVE-2026-11591 affects the WordPress plugin Widgets for Google Reviews up to version 13.3. It is a Stored Cross‑Site Scripting (XSS) vulnerability triggered via admin settings, caused by insufficient input sanitization and output escaping in the parameters fomo-title and fomo-text . Exploitation ...

4.4CVSS6.2AI score0.00251EPSS
Exploits0References10
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-11591 Widgets for Google Reviews <= 13.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fomo-title' and 'fomo-text' Parameters

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

4.4CVSS0.00251EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-57441

Name of the Vulnerable Software and Affected Versions Parse Server versions 9.0.0 through 9.10.0-alpha.1 Parse Server versions 8.x through 8.6.83 Description A stored cross-site scripting XSS issue exists when the software fails to recognize an uploaded file's extension via the mime package,...

2.1CVSS6AI score0.00245EPSS
Exploits0References8
Rows per page
Query Builder