Lucene search
K

528 matches found

NVD
NVD
added 2026/03/25 5:16 p.m.6 views

CVE-2026-25328

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in add-ons.org Product File Upload for WooCommerce products-file-upload-for-woocommerce allows Path Traversal.This issue affects Product File Upload for WooCommerce: from n/a through = 2.2.4...

6.8CVSS0.00354EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/09 12:31 p.m.8 views

airflow-add-ons (>=0.2.4 <=0.2.9b2), airflow-aws-shared-secrets (>=0.0.1 <=0.0.5) +11 more potentially affected by CVE-2026-25604 via apache-airflow-providers-amazon (>=1.4.0 <=9.17.0)

apache-airflow-providers-amazon PYPI version =1.4.0, =0.2.4, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.0.4, =0.0.0, =2.10.3, =14.4.0, =0.0.1, =0.0.1rc1, =2.10.7, =2.10.11rc5 Source cves: CVE-2026-25604 Source advisory: OSV:GHSA-RV5F-CCPM-XJJ4...

5.4CVSS5.7AI score0.00359EPSS
Exploits1
HackRead
HackRead
added 2026/02/06 12:58 p.m.7 views

17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware

Bitdefender Labs reveals that 17% of OpenClaw AI skills analyzed in February 2026 are malicious. With over 160,000…...

5.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/30 1:42 p.m.9 views

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access

Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens. One of the extensions in question is Amazon Ads Blocker ID: pnpchphmplpdimbllknjoiopmfphellj, which...

6.1CVSS6.9AI score0.01004EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/01/09 12:28 p.m.8 views

CVE-2023-40599

Regular expression Denial-of-Service ReDoS exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js,...

7.5CVSS7AI score0.00672EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:59 a.m.6 views

CVE-2023-49777

Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0...

9.1CVSS8.5AI score0.0069EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:36 a.m.6 views

CVE-2020-12073

The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests...

9.1CVSS6.9AI score0.01581EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/01/05 12:0 a.m.6 views

Craft CMS 安全漏洞

Craft CMS is an open source content management system CMS from Craft CMS. A security vulnerability exists in Craft CMS versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, which stems from a malicious add-on behavior that could lead to authenticated remote code execution...

8.6CVSS8.2AI score0.00812EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2025/12/31 4:14 p.m.9 views

DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of...

6.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/12/19 7:32 a.m.7 views

CVE-2025-60080

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: from n/a through = 6.5.0...

7.5CVSS5.9AI score0.00291EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 9:30 a.m.6 views

EUVD-2025-204105

Deserialization of Untrusted Data vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows Object Injection.This issue affects PDF Invoice Builder for WooCommerce: from n/a through = 6.3.2...

8.8CVSS6.5AI score0.00355EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/18 9:30 a.m.6 views

EUVD-2025-204106

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through = 6.3.1...

8.8CVSS6.5AI score0.00355EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.5 views

PT-2025-52140

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through = 6.3.1...

7AI score0.00355EPSS
Exploits0References2
NVD
NVD
added 2025/10/09 12:15 p.m.5 views

CVE-2025-10249

The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions in all versions up to, and including, 6.7.37. This makes it possible for authenticated attackers, with Contributor-level access and above...

6.5CVSS0.00354EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/09 11:20 a.m.5 views

EUVD-2025-33332

The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions in all versions up to, and including, 6.7.37. This makes it possible for authenticated attackers, with Contributor-level access and above...

6.5CVSS4.8AI score0.00354EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/09 11:20 a.m.3 views

CVE-2025-10249 Slider Revolution <= 6.7.37 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Read

The Slider Revolution plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions in all versions up to, and including, 6.7.37. This makes it possible for authenticated attackers, with Contributor-level access and above...

6.5CVSS4.9AI score0.00354EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.6 views

PT-2025-41371

Name of the Vulnerable Software and Affected Versions Slider Revolution plugin for WordPress versions prior to 6.7.38 Description The Slider Revolution plugin for WordPress is susceptible to unauthorized access and modification of data because of a missing capability check on several functions...

6.5CVSS6AI score0.00354EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-7743

Malware in sbrugna...

7.3CVSS6.5AI score0.00717EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-2180

Malware in sbrugna...

5CVSS6.4AI score0.0181EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2004-0307

Malware in sbrugna...

5CVSS6.4AI score0.01634EPSS
Exploits0References5
Rows per page
Query Builder