Lucene search
+L

1423 matches found

Nuclei
Nuclei
added 7 hours ago82 views

Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting

The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users. id: CVE-2024-6517 info: name: Contact Form 7 Math Captcha =...

6.1CVSS6.1AI score0.00665EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago18 views

Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs that redirect to an external web site via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the...

6.1CVSS6.5AI score0.02072EPSS
Exploits2References3
Nuclei
Nuclei
added 7 hours ago35 views

Rank Math SEO < 1.0.229 - Unauthenticated User and Term Metadata Insert/Update/Deletion

Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress contains a missing capability check on 'updatemetadata' in all versions up to 1.0.228, letting unauthenticated attackers insert, update, or delete metadata, including user and term metadata, potentially causing loss of...

6.5CVSS5.2AI score0.02131EPSS
Exploits0References5
OSV
OSV
added 4 days ago5 views

MAL-2026-10467 Malicious code in polymarket-stake-kelly-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 01715ebd11c8adf6ac26ce11bc5fc07e6cfb6775fa77dbe1ca022d0d6593b99c [email protected] ships a postinstall script scripts/install-check.cjs referenced by package.json's postinstall hook that on every np...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in awesome-terminal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 379d820ae94a1dd684c187fd2577558795440d8f8cd1fe3cd209c8eb5b303913 [email protected] ships a postinstall script scripts/install-check.cjs that resolves a bundle URL from a remote JSON config at...

6.5AI score
Exploits0References3
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1955 TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize

Impact NPE in QuantizedMatMulWithBiasAndDequantize with MKL enable python import tensorflow as tf func = tf.rawops.QuantizedMatMulWithBiasAndDequantize para='a': tf.constant138, dtype=tf.quint8, 'b': tf.constant4, dtype=tf.qint8, 'bias': 31.81644630432129, 47.21876525878906, 109.95201110839844,...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 5:55 a.m.5 views

BIT-MASTODON-2026-50129 Mastodon: Persistent anonymous DoS via unhandled NoMethodError in MATH_TRANSFORMER

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/05 12:45 p.m.37 views

CVE-2026-14749 mjperpinosa stumasy calculate.php eval code injection

A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imbacalculator/calculate.php. The manipulation of the argument mathematicalsentence leads to code injection. The attack is possible to ...

7.5CVSS0.00322EPSS
Exploits0References6
RustSec
RustSec
added 2026/06/30 12:0 p.m.10 views

mXSS in ammonia via MathML `annotation-xml` encoding strip

If a certain set of MathML tags are enabled, an attacker can inject arbitrary JavaScript code into the user's browser. The annotation-xml tag has slightly different behavior than the other "integration point" tags in MathML and SVG, but ammonia didn't handle it, so it didn't correctly strip the...

6.2AI score
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 7:18 a.m.8 views

Malicious code in clob-client-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b36bbf14a743630a93ba7f8d7529d3fae8073f0f585af4343506be6248fc1b59 [email protected] ships a postinstall script install-check.cjs that fetches a JSON config from...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/29 7:18 a.m.5 views

MAL-2026-6587 Malicious code in clob-client-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b36bbf14a743630a93ba7f8d7529d3fae8073f0f585af4343506be6248fc1b59 [email protected] ships a postinstall script install-check.cjs that fetches a JSON config from...

6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/29 5:33 a.m.13 views

MAL-2026-6585 Malicious code in stake-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a475d161b669ae748124a4d6c1da29ebda6e40da4aa5c3c5e8b10645ef96f57a On npm install, the package's postinstall hook scripts/install-check.cjs, wired via package.json scripts.postinstall fetches a JSON config from a...

6.4AI score
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:33 a.m.17 views

Malicious code in stake-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a475d161b669ae748124a4d6c1da29ebda6e40da4aa5c3c5e8b10645ef96f57a On npm install, the package's postinstall hook scripts/install-check.cjs, wired via package.json scripts.postinstall fetches a JSON config from a...

6.4AI score
Exploits0References7
NVD
NVD
added 2026/06/24 9:16 p.m.8 views

CVE-2026-50129

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

7.5CVSS0.00263EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:50 p.m.5 views

CVE-2026-50129

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/24 7:50 p.m.16 views

CVE-2026-50129

CVE-2026-50129 affects Mastodon before versions 4.5.11, 4.4.18, and 4.3.24. The issue is a DoS caused by an uncaught exception in the math sanitizer’s MATH_TRANSFORMER due to missing exception handling; malformed nodes can crash the server or disrupt services depending on the action and interact...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 7:50 p.m.18 views

CVE-2026-50129 Mastodon: Persistent anonymous DoS via unhandled NoMethodError in MATH_TRANSFORMER

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

7.5CVSS0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 7:50 p.m.3 views

CVE-2026-50129 Mastodon: Persistent anonymous DoS via unhandled NoMethodError in MATH_TRANSFORMER

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/24 3:37 p.m.7 views

CVE-2026-12866

A flaw was found in expr-eval. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction API. These expressions are then compiled into native code using new Function, allowing the attacker to execute arbitrary JavaScript code. This can lead to arbitrary...

9.8CVSS6.6AI score0.00469EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-52083

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.11 Mastodon versions prior to 4.4.18 Mastodon versions prior to 4.3.24 Description A Denial of Service DoS can be triggered due to missing exception handling in the math sanitizer. Malformed nodes can cause a DoS...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References7
Rows per page
Query Builder