Lucene search
K

601 matches found

Vulnrichment
Vulnrichment
added 2026/03/19 8:10 a.m.2 views

CVE-2025-53222 WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through = 1.7.3...

7.1CVSS5.2AI score0.0019EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.4 views

PT-2026-26267

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder allows Reflected XSS.This issue affects tagDiv Opt-In Builder: from n/a through 1.7.3...

7.1CVSS5.8AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.8 views

WordPress plugin tagDiv Opt-In Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.1CVSS5.7AI score0.0019EPSS
Exploits0References1
OSV
OSV
added 2026/03/18 8:10 p.m.4 views

GHSA-VM69-H85X-8P85 SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass)

Summary The IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocked, including /opt application data, /usr local configs/binaries,...

6.8CVSS5.9AI score0.00489EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/18 8:10 p.m.9 views

SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass)

Summary The IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded GHSA-h5vh-m7fg-w5h6, commit 9914fd1 but remains incomplete. Multiple security-relevant Linux directories are not blocked, including /opt application data, /usr local configs/binaries,...

6.8CVSS5.9AI score0.00489EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/18 1:34 a.m.2 views

CVE-2026-22217

OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variabl...

7.8CVSS6.5AI score0.00125EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/03/16 10:4 a.m.8 views

WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin tagDiv Opt-In Builder versions = 1.7.3...

7.1CVSS5.8AI score0.0019EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/03/03 9:49 p.m.4 views

GHSA-3CVX-236H-M9FJ OpenClaw has an opt-in insecure Control UI auth over plaintext HTTP could allow privileged access

Description In affected releases, when an operator explicitly enabled gateway.controlUi.allowInsecureAuth: true and exposed the gateway over plaintext HTTP, Control UI authentication could permit privileged operator access without the intended device identity + pairing guarantees. This required a...

7.5CVSS5.9AI score0.00381EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/03 6:10 p.m.11 views

OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container

Summary Sandbox browser container launched Chromium with --no-sandbox by default, disabling Chromium's OS-level sandbox protections. Affected Packages / Versions - Package: openclaw npm ecosystem - Latest published npm version at triage time 2026-02-21: 2026.2.19-2 - Affected range: = 2026.2.19-2...

9.8CVSS5.9AI score0.00288EPSS
Exploits0References6Affected Software1
Wired Threat Level
Wired Threat Level
added 2026/02/27 10:0 a.m.4 views

Data Broker Breaches Fueled Nearly $21 Billion in Identity-Theft Losses

A report copublished by WIRED sparked a probe into opt-out pages hidden by data brokers. Now congressional Democrats say breaches tied to the industry have cost people tens of billions of dollars...

6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/26 3:38 p.m.9 views

Malicious code in flycord (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b2071af47a4b327550f5614253b291b893e0741e6f2ebe3b4378a4794696d211 When the user uses the provided library, this package silently reports basic information and the result of the user's action to a hardcoded, obfuscated URL...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/02/26 3:38 p.m.7 views

MAL-2026-1049 Malicious code in flycord (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b2071af47a4b327550f5614253b291b893e0741e6f2ebe3b4378a4794696d211 When the user uses the provided library, this package silently reports basic information and the result of the user's action to a hardcoded, obfuscated URL...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/02/22 4:53 p.m.12 views

MAL-2026-983 Malicious code in tensorflow-opt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c2197ee3bfb727ff46f407a50a515013ad05c423bfe202eea90eb6b593f08b14 Package is likely a dependency confusion against some legitimate extension packages for TensorFlow but contains just cryptominers. When calling the "start"...

5.5AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.7 views

PT-2026-20863

Name of the Vulnerable Software and Affected Versions CDATA FD614GS3-R850 version 3.2.7 P161006 Build.0333.250211 Description A buffer overflow issue exists in CDATA FD614GS3-R850 version 3.2.7 P161006 Build.0333.250211. This flaw allows an attacker to potentially execute arbitrary code by...

9.8CVSS6AI score0.00205EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/07 12:0 a.m.6 views

Fedora 42 : bind / bind-dyndb-ldap (2026-34c921d252)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-34c921d252 advisory. Update to 9.18.44 rhbz2431609 Security Fixes: - Fix incorrect length checks for BRID and HHIT records. CVE-2025-13878 Bug Fixes: - Allow glue in delegations...

7.5CVSS6AI score0.08219EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/05 9:26 p.m.8 views

WordPress Keap Official Opt-in Forms plugin < 1.0.12 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by MINGYOUNG BAN in WordPress Plugin Keap Official Opt-in Forms versions 1.0.12...

4.8CVSS5.3AI score0.00402EPSS
Exploits2References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2026:0348-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0348-1 advisory. Upgrade to release 9.20.18: - CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records bsc1256997 Featur...

7.5CVSS6.2AI score0.08219EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/27 12:0 a.m.4 views

Fedora 43 : bind / bind-dyndb-ldap (2026-567ff6c687)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-567ff6c687 advisory. Update to 9.18.44 rhbz2431609 Security Fixes: - Fix incorrect length checks for BRID and HHIT records. CVE-2025-13878 Bug Fixes: - Allow glue in delegations...

7.5CVSS6AI score0.08219EPSS
Exploits0References2
OSV
OSV
added 2026/01/22 4:50 p.m.4 views

SUSE-SU-2026:20135-1 Security update for bind

This update for bind fixes the following issues: Upgrade to release 9.20.18: - CVE-2025-13878: Fixed incorrect length checks for BRID and HHIT records bsc1256997 Feature Changes: Add more information to the rndc recursing output about fetches. Reduce the number of outgoing queries. Provide more...

7.5CVSS6AI score0.08219EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Fedora 44 : bind / bind-dyndb-ldap (2026-925e7cce85)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-925e7cce85 advisory. Update to 9.18.44 rhbz2431609 Security Fixes: - Fix incorrect length checks for BRID and HHIT records. CVE-2025-13878 Bug Fixes: - Allow glue in delegations...

7.5CVSS6AI score0.08219EPSS
Exploits0References2
Rows per page
Query Builder