Lucene search
K

781351 matches found

NVD
NVD
added 15 minutes ago2 views

CVE-2026-15097

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS
Exploits0References6
NVD
NVD
added 15 minutes ago1 views

CVE-2026-15096

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'bwidthmap' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS
Exploits0References5
CVE
CVE
added 1 hour ago3 views

CVE-2026-15096 Themify Builder <= 7.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Module 'b_width_map' Field

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'bwidthmap' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS6.2AI score
Exploits0References5
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-15096 Themify Builder <= 7.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Module 'b_width_map' Field

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'bwidthmap' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS
Exploits0References5
CVE
CVE
added 1 hour ago4 views

CVE-2026-15097 Themify Builder <= 7.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'height_slider' Slider Module Field

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.2AI score
Exploits0References6
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-15097 Themify Builder <= 7.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'height_slider' Slider Module Field

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'heightslider' Slider Module Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS
Exploits0References6
Rapid7 Blog
Rapid7 Blog
added 4 hours ago5 views

Weekly Metasploit Update: Exploits for FlowiseAI CSV Agent and MacOS Package Kit

More AI, more software, more bugs! AI, it's all you hear about nowadays and everyone's got an opinion on it. Here at Metasploit, we care less about those opinions and more about the growing attack surface all this new software brings with it yeehaw exploits!. Take for example the new Flowise CSV...

9.8CVSS6.5AI score0.01028EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 5 hours ago13 views

Security Bulletin: IBM Storage Scale System: Vulnerability in Linux kernel crypto subsystem could allow local privilege escalation (CVE-2026-31431)

Summary IBM Storage Scale Systems is affected by a security vulnerability identified in the Linux kernel's cryptographic interface CVE-2026-31431 that could allow a local user with low privileges to escalate to root privileges. The vulnerability has a CVSS score of 7.8 High and requires local...

7.8CVSS6.6AI score0.96267EPSS
Exploits229Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 hours ago3 views

Malicious code in authvaultx (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0fbb555b68c6fa973cbdfe9b7e7e8c752faf3013859c6c9d9d3a2b2dedab256b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.1AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added yesterday8 views

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5CVSS6AI score0.00127EPSS
Exploits0References6Affected Software4
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday7 views

Malicious code in @uwr/colors (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 91240d8fb55b7ed4730a41f3a334c633bf1a03afb649fd473cad0c0a25312847 The package's postinstall script reads the installer's machine hostname via os.hostname and performs a DNS lookup of...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in fkext-browser-min (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e56088bc1216133ce76ad6026b73c2fd6977f9c64ec1c2ab38234dc90403b2c The package runs vishu.js as a preinstall lifecycle hook on npm install. That script fetches the machine's public IP from api.ipify.org, collects...

6.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in @broadpeak/smartlib-ad (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45df33d93645560085a7efe94308b0e3d846f30c829f2d2804bcdb1245626289 package.json declares preinstall: node index.js, which fires automatically on npm install. index.js loads childprocess/os/https, runs whoami and id,...

6.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in consumerweb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74612bbfc323641d0141b4f1b495d6ea5f9b52129f2391bf21c5fabf63702ca7 On npm install, both preinstall and postinstall lifecycle hooks execute index.js, which collects host reconnaissance os.hostname, os.userInfo.usernam...

6.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in express-guardian (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c911dfdf99f0c6e13cb9e55883a5c2e17cca0b78d3149e38c0cafb6320ea742 The package advertises itself as Express security middleware XSS/SQLi protection, input sanitization but the middleware returned to Express is a no-o...

6.3AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in mongoose-schema-unique (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e3806417e775917428aeea0eb50ecbfec0bc2220282bee33f4138ff43e80dca index.js runs an async IIFE at module load that performs an outbound fetch to https://www.jsonkeeper.com/b/XVHGD an anonymous, mutable, public...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in auth-next-gen (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe0926f0a2c1f47072efaac014be38bb00c8e9f31f59badf188b1ed74dd5c2ce On require of auth-next-gen, index.js loads lib/writer.js, which at module top level performs an axios GET against a base64-obfuscated URL...

6.5AI score
Exploits0References4
NVD
NVD
added yesterday6 views

CVE-2026-55883

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a CSRF token, but the token is served by the unauthenticated /api/websockettoken endpoint and the upgrader accepts clients that omit an Origin...

8.3CVSS
Exploits0References4
Cvelist
Cvelist
added yesterday9 views

CVE-2026-55883 Tilt: Cross-site WebSocket hijacking of the Tilt HUD stream

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a CSRF token, but the token is served by the unauthenticated /api/websockettoken endpoint and the upgrader accepts clients that omit an Origin...

8.3CVSS
Exploits0References4
CVE
CVE
added yesterday21 views

CVE-2026-55883

Tilt HUD WebSocket (/ws/view) in Tilt is affected from 0.24.0 through 0.37.3. CSRF-protected, but the token is served from an unauthenticated /api/websocket_token endpoint and the upgrader accepts connections without an Origin header, enabling network-reachable attackers to read session state, Ti...

8.3CVSS6.2AI score
Exploits0References4
Rows per page
Query Builder