CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1373 matches found

WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections. id: CVE-2021-24849 info: name: WCFM...

9.8CVSS8.6AI score0.74641EPSS

Exploits2References3

Nuclei•added 20 hours ago•20 views

Liferay Portal - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated...

6.9CVSS5AI score0.25059EPSS

Exploits0References2

Vulnrichment•added yesterday•4 views

CVE-2026-53810 OpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extension Metadata

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points...

8.8CVSS5.8AI score

Exploits0References2

Cvelist•added yesterday•26 views

CVE-2026-53810 OpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extension Metadata

8.8CVSS

Exploits0References2

CVE•added yesterday•7 views

CVE-2026-53810

OpenClaw is affected by a code execution vulnerability present before version 2026.5.18. The issue arises from marketplace runtime extension metadata that can redirect loading to unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin co...

8.8CVSS6AI score

Exploits0References2Affected Software1

EUVD•added yesterday•5 views

EUVD-2026-36316

8.8CVSS6AI score

Exploits0References2

OSSF Malicious Packages•added yesterday•8 views

Malicious code in @marketplace-shared/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 98933a5f467c2a623815ed46e5baf6838ba6e86e8055b48d4941da3bf59e5c41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score

Exploits0References1

OSV•added yesterday•2 views

MAL-2026-5658 Malicious code in @marketplace-shared/components (npm)

5.5AI score

Exploits0References1

Positive Technologies•added yesterday•6 views

PT-2026-48740

8.8CVSS6AI score

Exploits0References3

RedhatCVE•added 2026/06/05 7:13 p.m.•6 views

CVE-2026-48027

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for 18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the...

9.8CVSS5.4AI score0.32065EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:11 p.m.•6 views

CVE-2026-8140

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/. The download method in concrete/controllers/singlepage/dashboard/extend/install.php checks only the canInstallPackages permission before fetching a remote marketplace...

7.5CVSS5.5AI score0.00018EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:10 p.m.•7 views

CVE-2026-8426

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/prepareremoteupgrade/. An attacker who controls the remote package returned for a known marketplace item ID can overwrite the package PHP on disk and force its upgrade method to...

8.8CVSS6.3AI score0.00076EPSS

Exploits0References1

CVE•added 2026/06/04 1:22 p.m.•8 views

CVE-2019-25739

GigToDo 1.3 is affected by a persistent cross-site scripting vulnerability accessible through the create_proposal endpoint, enabling authenticated attackers to inject JavaScript/HTML in the proposal description. When stored proposals are viewed by admins or other users, the payload can execute, p...

5.4CVSS5.7AI score0.00031EPSS

Exploits0References4

Snyk•added 2026/05/29 10:54 p.m.•8 views

Malicious Package

Overview @cloudplatform-single-spa/marketplace-gigachat is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score

Exploits0References2

Akamai Blog•added 2026/05/28 12:0 p.m.•8 views

Consistent Protections Without Compromise: Akamai’s WAF Is Now on AWS Marketplace

...

5.8AI score

Exploits0

NVD•added 2026/05/27 5:16 p.m.•14 views

CVE-2026-48027

9.8CVSS0.32065EPSS

Exploits1References5

Vulnrichment•added 2026/05/27 3:50 p.m.•8 views

CVE-2026-48027 Compromised Nx Console version 18.95.0

9.3CVSS5.8AI score0.32065EPSS

Exploits1References4

Cvelist•added 2026/05/27 3:50 p.m.•113 views

CVE-2026-48027 Compromised Nx Console version 18.95.0

9.3CVSS0.32065EPSS

Exploits1References4

CVE•added 2026/05/27 3:50 p.m.•35 views

CVE-2026-48027

Summary: CVE-2026-48027 affects Nx Console, a UI for Nx & Lerna. A malicious copy of Nx Console version 18.95.0 was published briefly in Visual Studio Marketplace (and OpenVSX) around 12:30–12:48 UTC (≈18 minutes) and 12:33–13:09 UTC (≈36 minutes) respectively. The compromised package allowed cod...

9.8CVSS5.8AI score0.32065EPSS

In wildExploits1References5Affected Software1

EUVD•added 2026/05/27 3:50 p.m.•8 views

EUVD-2026-32550

9.8CVSS5.8AI score0.32065EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by