Lucene search
K

225131 matches found

Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.13 views

PT-2026-42867

The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the ppc-create-order and ppc-get-order WC-AJAX endpoints in all versions up to, and including, 4.0.1. The ppc-create-order endpoi...

8.2CVSS5.9AI score0.00401EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 6:46 p.m.11 views

Malicious code in peertube-plugin-google-analytics-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c66b6ebad55556f956fbc181293327eb4051d2ec6de6436a24d027fac58e580 This PeerTube plugin advertises itself as a Google Analytics integration but its client-side script client/common-client-plugin.js:8 registers a...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/22 6:46 p.m.6 views

MAL-2026-4636 Malicious code in peertube-plugin-google-analytics-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c66b6ebad55556f956fbc181293327eb4051d2ec6de6436a24d027fac58e580 This PeerTube plugin advertises itself as a Google Analytics integration but its client-side script client/common-client-plugin.js:8 registers a...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/22 5:25 p.m.7 views

MAL-2026-4629 Malicious code in openmct-couch-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8eff366d17efa64bf8605941d009d01cf7a24aaf011af30faec449fc4a2e28 On npm install, the package's preinstall script runs node index.js and then curls the output of hostname && whoami to...

5.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 5:25 p.m.12 views

Malicious code in openmct-couch-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ce8eff366d17efa64bf8605941d009d01cf7a24aaf011af30faec449fc4a2e28 On npm install, the package's preinstall script runs node index.js and then curls the output of hostname && whoami to...

5.8AI score
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/22 5:5 p.m.98 views

Exploit for CVE-2026-8181

CVE-2026-8181 — Burst Statistics 3.4.0 – 3.4.1.1 — Authenticat...

9.8CVSS5.9AI score0.14608EPSS
Exploits10
Snyk
Snyk
added 2026/05/22 1:44 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing request body size limits on plugin HTTP endpoints. An attacker can exhaust system resources by sending crafted oversized HTTP requests. Remediation Upgrade...

7.5CVSS5.8AI score0.00254EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 1:44 p.m.7 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the API request handlers due to insufficient validation of user-supplied input. An attacker can cause the plugin process to crash by sending a specially crafted HTTP request to the PR...

5.3CVSS5.8AI score0.0025EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 1:29 p.m.11 views

MAL-2026-4763 Malicious code in pulumi-vcd (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9 Package pulumivcd is published with metadata mimicking an official Pulumi SDK Homepage https://www.pulumi.com, tfgen-style auto-generated bindings bu...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 1:29 p.m.12 views

Malicious code in pulumi-vcd (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9 Package pulumivcd is published with metadata mimicking an official Pulumi SDK Homepage https://www.pulumi.com, tfgen-style auto-generated bindings bu...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/22 1:18 p.m.14 views

OESA-2026-2397 mariadb security update

MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs a...

7CVSS6.4AI score0.00414EPSS
Exploits1References3
OSV
OSV
added 2026/05/22 1:18 p.m.13 views

OESA-2026-2395 mariadb security update

MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs a...

5.3CVSS7.1AI score0.00274EPSS
Exploits1References2
NVD
NVD
added 2026/05/22 11:16 a.m.9 views

CVE-2026-5308

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646...

7.5CVSS0.00254EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 11:16 a.m.11 views

CVE-2026-4646

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...

4.3CVSS0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/05/22 10:59 a.m.3 views

SUSE-SU-2026:21786-1 Security update for libzypp

This update for libzypp fixes the following issue - CVE-2026-44933: scan of the Mandatory signature verification plugin support bsc1265223...

8.5CVSS5.8AI score0.00214EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:25 a.m.10 views

CVE-2026-4646

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/22 10:25 a.m.11 views

EUVD-2026-31430

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 10:25 a.m.22 views

CVE-2026-4646

Mattermost has an input-validation flaw in the API request handlers used by the PR details endpoint. Affected versions are 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, and 10.11.x

4.3CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 10:25 a.m.7 views

CVE-2026-4646 Insufficient input validation in GitHub plugin API causes denial of service

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 10:25 a.m.29 views

CVE-2026-4646 Insufficient input validation in GitHub plugin API causes denial of service

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...

4.3CVSS0.0025EPSS
Exploits0References1
Rows per page
Query Builder