Lucene search
K

242 matches found

Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-10551 Breeze Cache < 2.5.6 - Unauthenticated Stored XSS via Minify Library

The Breeze Cache WordPress plugin before 2.5.6 is vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the fina...

0.00149EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-10551

The Breeze Cache WordPress plugin (before version 2.5.6) is vulnerable to unauthenticated Stored XSS due to a predictable replacement hash in the HTML minification process and a related regex misusage. An attacker can inject arbitrary HTML attributes into the final HTML by predicting the placehol...

6.1CVSS6.2AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-9282 W3 Total Cache <= 2.9.4 - Unauthenticated Arbitrary File Read via 'f_array[]' Parameter

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00676EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-43164

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS6.2AI score0.00676EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:38 p.m.5 views

CVE-2026-56018

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes withou...

7.5CVSS5.9AI score0.00609EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 7:38 p.m.22 views

CVE-2026-56017

JavaScript::Minifier::XS (Perl) is affected in versions before 0.16. The vulnerability arises when the first meaningful token is a slash; the JsTokenizeString logic examines the previous token and, with no valid preceding token, dereferences a NULL pointer, causing a crash. The public minify() AP...

7.5CVSS5.8AI score0.00488EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.6 views

PT-2026-53732

Name of the Vulnerable Software and Affected Versions JavaScript::Minifier::XS versions prior to 0.16 Description A NULL pointer dereference occurs when the first meaningful token of the input is a slash. The issue resides in the JsTokenizeString function within the XS.xs file, where the regexp...

7.5CVSS5.8AI score0.00488EPSS
Exploits0References6
OSV
OSV
added 2026/06/15 8:17 p.m.22 views

MAL-2026-5837 Malicious code in postcss-minify-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bc7341d6762a6209e4bde3d99f31f1a8650b6971e64a19547b9f35e7a51abb3 Package is published as postcss-minify-selector singular but its internal postcss plugin identifier is postcss-minify-selectors plural — the canonica...

5.8AI score
Exploits0References13
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 7:17 a.m.48 views

Malicious code in postcss-minify-selector-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957f5cbb74f4dd4b4770e8c9cc1a8aac88a4450cb01dbc0fa5242c42e343f54c The package name impersonates the widely-used postcss-selector-parser library which it also declares as a dependency and re-exports verbatim from...

6AI score
Exploits0References10
Patchstack
Patchstack
added 2026/06/11 1:18 p.m.13 views

WordPress Speed Optimizer plugin < 7.7.9 - Unauthenticated Stored XSS via Minify Library vulnerability

Unauthenticated Stored XSS via Minify Library vulnerability discovered by Matthew Rollings in WordPress Plugin Speed Optimizer versions 7.7.9...

8.8CVSS5.4AI score0.0032EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 1:17 p.m.12 views

WordPress Clearfy Cache plugin < 2.4.2 - Unauthenticated Stored XSS via Minify Library vulnerability

Unauthenticated Stored XSS via Minify Library vulnerability discovered by Matthew Rollings in WordPress Plugin Clearfy Cache versions 2.4.2...

8.8CVSS5.4AI score0.0032EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/11 1:17 p.m.12 views

WordPress Autoptimize plugin < 3.1.15 - Unauthenticated Stored XSS via Minify Library vulnerability

Unauthenticated Stored XSS via Minify Library vulnerability discovered by Matthew Rollings in WordPress Plugin Autoptimize versions 3.1.15...

8.8CVSS5.4AI score0.0032EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/18 6:0 a.m.51 views

CVE-2026-3220 Multiple Plugins - Unauthenticated Stored XSS via Minify Library

The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...

0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 6:0 a.m.43 views

CVE-2026-3220

CVE-2026-3220 affects three WordPress plugins: Autoptimize (before 3.1.15), Clearfy Cache (before 2.4.2), and Speed Optimizer (before 7.7.9). The issue is unauthenticated Stored XSS caused by a predictable replacement hash used during HTML minification and an abused regular expression, allowing a...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/06 5:34 p.m.9 views

Prototype Pollution

Overview icu-minify is an ICU message format compiler with a 1KB runtime bundle footprint Affected versions of this package are vulnerable to Prototype Pollution in the setNestedProperty function when processing translation catalog keys containing reserved properties such as proto, constructor, o...

6.6CVSS6.3AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/06 5:34 p.m.5 views

@0xchain/empty (>=0.0.1 <=1.1.0-beta.4), @0xchain/expandable-text (>=0.0.1 <=1.1.0-beta.18) +112 more potentially affected by unknown CVE via icu-minify (=4.13.0)

icu-minify NPM version =4.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on icu-minify and may be impacted: - @0xchain/empty =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.1, =0.1.0, =0.1.1, =2.2.0, =2.5...

5.7AI score
Exploits0
OSV
OSV
added 2026/05/06 5:32 p.m.6 views

GHSA-R27J-894H-3W3P mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

Summary icu-minify's runtime formatter resolves select branches by looking up the runtime value as a plain property on a prototype-bearing object. When the value coerces to a key that exists on Object.prototype e.g. toString, proto, constructor, hasOwnProperty, valueOf, the lookup returns a truth...

3.7CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/05/06 5:32 p.m.9 views

Prototype Pollution

Overview icu-minify is an ICU message format compiler with a 1KB runtime bundle footprint Affected versions of this package are vulnerable to Prototype Pollution via the formatSelect function. An attacker can cause the application to crash and trigger a server error by supplying specially crafted...

8.2CVSS6.3AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/06 5:32 p.m.5 views

@0xchain/empty (>=0.0.1 <=1.1.0-beta.4), @0xchain/expandable-text (>=0.0.1 <=1.1.0-beta.18) +112 more potentially affected by unknown CVE via icu-minify (=4.13.0)

icu-minify NPM version =4.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on icu-minify and may be impacted: - @0xchain/empty =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.1, =0.1.0, =0.1.1, =2.2.0, =2.5...

5.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/06 5:32 p.m.28 views

mcp-data-vis vulnerable to denial of service via unsanitized `select` key lookup on `Object.prototype` with `precompile: true`

Summary icu-minify's runtime formatter resolves select branches by looking up the runtime value as a plain property on a prototype-bearing object. When the value coerces to a key that exists on Object.prototype e.g. toString, proto, constructor, hasOwnProperty, valueOf, the lookup returns a truth...

6AI score
Exploits0References2Affected Software1
Rows per page
Query Builder