Lucene search
+L

18 matches found

CVE
CVE
added 2025/12/13 4:31 a.m.20 views

CVE-2025-14539

CVE-2025-14539 relates to the WordPress plugin Shortcode Ajax (Shortcode Loader/shortcode-ajax). The vulnerability arises because the plugin executes do_shortcode on a value that is not properly validated, allowing unauthenticated attackers to execute arbitrary shortcodes. Affected versions are a...

5.4CVSS6.3AI score0.00254EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/12 4:29 a.m.2 views

EUVD-2025-121585

Malicious code in style-loader-rollup-plugin-izar-phoebe npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.3 views

MAL-2025-148340 Malicious code in style-loader-rollup-plugin-izar-phoebe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec4a0e6674e333da99262c9589dc038cd6e957c309248b12349a0364661a27f5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 4:29 a.m.2 views

MAL-2025-147677 Malicious code in sass-loader-mui-library-optimize-css-assets-webpack-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66e74a0f0b1190b28e62b75438426908b78b6776a7293dc127d4f7f037d74279 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11580

Malware in sbrugna...

4.3CVSS4.9AI score0.00435EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5283

Malicious code in bioql PyPI...

9.9CVSS6.9AI score0.01938EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/23 2:1 a.m.5 views

Malicious code in my-check-inline-loader-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 158a5f06d42d4341fa6161944260a13e1cd79d01a746eddd52ce26b77770024e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/05/23 2:1 a.m.5 views

MAL-2025-4378 Malicious code in my-check-inline-loader-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 158a5f06d42d4341fa6161944260a13e1cd79d01a746eddd52ce26b77770024e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.11 views

CVE-2021-24668

The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...

4.3CVSS6.8AI score0.00435EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2022/05/24 10:0 p.m.33 views

Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin

Jenkins Pipeline Remote Loader Plugin before 1.5 provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

9.9CVSS4.3AI score0.01938EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2021/11/23 8:15 p.m.4 views

CVE-2021-24668

The MAZ Loader WordPress plugin before 1.4.1 does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack...

4.3CVSS5.9AI score0.00435EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.4 views

WordPress SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The WordPress plugin is a WordPress open source application plugin. The WordPress plugin is vulnerable to SQL injection, which stems from the fact that The MAZ Loader plugin does not validate or...

8.8CVSS5.9AI score0.01292EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/10/25 12:0 a.m.24 views

WordPress MAZ Loader plugin <= 1.4.0 - Arbitrary Loader Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Loader Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by apple502j in WordPress MAZ Loader plugin versions = 1.4.0. Solution Update the WordPress MAZ Loader plugin to the latest available version at least 1.4.1...

4.3CVSS4.1AI score0.00435EPSS
Exploits2References3Affected Software1
CNVD
CNVD
added 2019/08/27 12:0 a.m.5 views

WordPress advanced-ajax-page-loader plugin permissions permission and access control issues vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. advanced-ajax-page-loader is an AJAX page loading plugin used in it. The WordPress advanced-ajax-page-loader plugin is...

5.3CVSS6.8AI score0.01332EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/07/16 12:0 a.m.5 views

The vulnerability of the Jenkins Pipeline Remote Loader plugin, related to defects in the data protection mechanism, allows attackers to circumvent sandbox restrictions.

The vulnerability of the Jenkins Pipeline Remote Loader plugin is related to deficiencies in data protection mechanisms. Exploiting this vulnerability allows a malicious actor to bypass sandbox restrictions and execute arbitrary methods remotely...

9.9CVSS5.8AI score0.01938EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2019/05/31 3:29 p.m.25 views

CVE-2019-10328

Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

9.9CVSS6.9AI score
Exploits0References5
Cvelist
Cvelist
added 2019/05/31 2:20 p.m.45 views

CVE-2019-10328

Jenkins Pipeline Remote Loader Plugin 1.4 and earlier provided a custom whitelist for script security that allowed attackers to invoke arbitrary methods, bypassing typical sandbox protection...

9.7AI score0.01938EPSS
Exploits0References5
CVE
CVE
added 2019/05/31 2:20 p.m.272 views

CVE-2019-10328

CVE-2019-10328 affects Jenkins Pipeline Remote Loader Plugin (before 1.5). An unsafe Script Security whitelist entry allowed attackers to invoke arbitrary methods, bypassing sandbox protection and impacting confidentiality, integrity, and availability. Public references in Red Hat advisory RHSA-2...

9.9CVSS9.4AI score0.01938EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder