600 matches found

OSSF Malicious Packages
added 2026/01/03 1:25 p.m., 14 views

Malicious code in chrome-stealth (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a97fed2b45bf12e5c4ba72089cdc2a1aff4ef42cb5eed242565268439946041a By using the package, the computer is attached to participate in a proxy network and share its IP and bandwidth. This is clearly stated, but the package has no...

6.8 AI score
Exploits: 0, References: 1
OSV
added 2026/01/03 1:25 p.m., 17 views

MAL-2026-28 Malicious code in chrome-stealth (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a97fed2b45bf12e5c4ba72089cdc2a1aff4ef42cb5eed242565268439946041a By using the package, the computer is attached to participate in a proxy network and share its IP and bandwidth. This is clearly stated, but the package has no...

6.7 AI score
Exploits: 0, References: 1
Vulnrichment
added 2025/12/13 3:20 a.m., 2 views

CVE-2025-13403 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employee_spotlight_check_optin function in all versions up to, and including, 5.1.3. This makes it possible f...

4.3 CVSS, 5.3 AI score, 0.002 EPSS
Exploits: 0, References: 4
CVE
added 2025/12/13 3:20 a.m., 13 views

CVE-2025-13403

CVE-2025-13403 concerns the WordPress plugin Employee Spotlight – Team Member Showcase & Meet the Team (vulnerable through all versions up to and including 5.1.3). The root cause is missing authorization validation in the employee_spotlight_check_optin() function, which allows authenticated attac...

4.3 CVSS, 5.2 AI score, 0.002 EPSS
Exploits: 0, References: 4
Cvelist
added 2025/12/13 3:20 a.m., 24 views

CVE-2025-13403 Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification

The Employee Spotlight – Team Member Showcase & Meet the Team Plugin for WordPress is vulnerable to unauthorized tracking settings modification due to missing authorization validation on the employee_spotlight_check_optin function in all versions up to, and including, 5.1.3. This makes it possible f...

4.3 CVSS, 0.002 EPSS
Exploits: 0, References: 4
Patchstack
added 2025/12/12 10:2 p.m., 8 views

WordPress Employee Spotlight – Team Member Showcase & Meet the Team Plugin plugin <= 5.1.3 - Missing Authorization to Authenticated (Subscriber+) Tracking Opt-In/Opt-Out Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Tracking Opt-In/Opt-Out Modification vulnerability discovered by Legion Hunter in WordPress Plugin Employee Spotlight versions = 5.1.3...

5.3 CVSS, 6.7 AI score, 0.002 EPSS
Exploits: 0, References: 1, Affected Software: 1
Malwarebytes
added 2025/11/20 1:48 p.m., 7 views

[Correction] Gmail can read your emails and attachments to power “smart features”

Update November 22. We’ve updated this article after realising we contributed to a perfect storm of misunderstanding around a recent change in the wording and placement of Gmail's smart features. The settings themselves aren’t new, but the way Google recently rewrote and surfaced them led a lot o...

6.7 AI score
Exploits: 0
EUVD
added 2025/11/18 12:30 p.m., 3 views

EUVD-2025-197962

The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleoptinoptout' function in all versions up to, and including, 2.0.22. This makes it possible for unauthenticated attackers to op...

5.3 CVSS, 4.9 AI score, 0.00236 EPSS
Exploits: 0, References: 3
EUVD
added 2025/11/18 12:30 p.m., 5 views

EUVD-2025-197958

The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoptinoptout function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to opt in and out of tracki...

5.3 CVSS, 4.9 AI score, 0.00236 EPSS
Exploits: 0, References: 3
NVD
added 2025/11/18 10:15 a.m., 3 views

CVE-2025-12392

The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleoptinoptout' function in all versions up to, and including, 2.0.25. This makes it possible for unauthenticated attackers to op...

5.3 CVSS, 0.00236 EPSS
Exploits: 0, References: 3
CVE
added 2025/11/18 9:27 a.m., 14 views

CVE-2025-12391

CVE-2025-12391 affects the Restrictions for BuddyPress plugin for WordPress (

5.3 CVSS, 5 AI score, 0.00236 EPSS
Exploits: 0, References: 3
Cvelist
added 2025/11/18 9:27 a.m., 10 views

CVE-2025-12391 Restrictions for BuddyPress <= 1.5.2 - Missing Authorization to Unauthenticated Tracking Status Update

The Restrictions for BuddyPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handleoptinoptout function in all versions up to, and including, 1.5.2. This makes it possible for unauthenticated attackers to opt in and out of tracki...

5.3 CVSS, 0.00236 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/11/18 9:27 a.m., 2 views

CVE-2025-12392 Cryptocurrency Payment Gateway for WooCommerce <= 2.0.25 - Missing Authorization to Unauthenticated Tracking Status Update

The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handleoptinoptout' function in all versions up to, and including, 2.0.25. This makes it possible for unauthenticated attackers to op...

5.3 CVSS, 5.8 AI score, 0.00236 EPSS
Exploits: 0, References: 3
Mageia
added 2025/11/12 9:29 p.m., 7 views

Updated perl-CPAN & perl-HTTP-Tiny packages fix security vulnerabilities

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CVE-2023-31484 HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...

8.1 CVSS, 7.3 AI score, 0.01742 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2025/11/05 9:27 a.m., 4 views

CVE-2025-12192 The Events Calendar <= 6.15.9 - Sysinfo Key Incorrect Comparison to Unauthenticated Sensitive Information Exposure

The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to, and including, 6.15.9. The sysinfo REST endpoint compares the provided key to the stored opt-in key using a loose comparison, allowing unauthenticated attackers to send a boolean value and obtain t...

5.3 CVSS, 5.4 AI score, 0.00228 EPSS
Exploits: 0, References: 2
Malwarebytes
added 2025/11/04 9:17 a.m., 5 views

Sling TV turned privacy into a game you weren’t meant to win

Streaming service Sling TV has settled with the California Attorney General over allegations that it blocked users from exercising their privacy rights. The company will pay $530,000 after being accused of making it difficult for customers to opt out of its data collection practices. The Californ...

6.6 AI score
Exploits: 0
EUVD
added 2025/10/27 1:7 a.m., 5 views

EUVD-2025-36059

A vulnerability was determined in dnsmasq up to 2.73rc6. Affected by this issue is the function parsedhcpopt of the file src/option.c of the component Config File Handler. This manipulation of the argument m causes null pointer dereference. The attack can only be executed locally. The exploit has...

4.8 CVSS, 6.1 AI score, 0.00012 EPSS
Exploits: 0, References: 5
Cvelist
added 2025/10/27 1:7 a.m., 7 views

CVE-2025-12200

...

0.00012 EPSS
Exploits: 0
Malwarebytes
added 2025/10/09 11:1 a.m., 6 views

California just put people back in control of their data

California's 2025 legislative session closed with 14 new privacy and AI-related bills. We’d like to highlight a few of the most relevant signed bills and encourage other states and countries to follow California’s example. Let’s go over some of the bills that were signed by the governor and how...

6.5 AI score
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-17236

Malware in sbrugna...

6.5 CVSS, 6.5 AI score, 0.01163 EPSS
Exploits: 1, References: 2