Lucene search

8338 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in contracts-plugins (npm)

The package contracts-plugins was found to contain malicious code...

7 AI score
Exploits 0

OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-7069 Malicious code in @amber-team/router5-plugins (npm)

The package @amber-team/router5-plugins was found to contain malicious code...

7.2 AI score
Exploits 0

OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-15590 Malicious code in belmgr-plugins (npm)

The package belmgr-plugins was found to contain malicious code...

7.2 AI score
Exploits 0

OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-16675 Malicious code in cb-serverless-plugins (npm)

The package cb-serverless-plugins was found to contain malicious code...

7.2 AI score
Exploits 0

OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-17520 Malicious code in contracts-plugins (npm)

The package contracts-plugins was found to contain malicious code...

7.2 AI score
Exploits 0

OSV
added 2025/08/14 6:52 p.m., 3 views

MAL-2025-17572 Malicious code in cordova-plugins-devextremeaddon (npm)

The package cordova-plugins-devextremeaddon was found to contain malicious code...

7.2 AI score
Exploits 0

RedhatCVE
added 2025/08/14 6:24 p.m., 11 views

CVE-2025-24313

Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access...

6.7 CVSS, 6.9 AI score, 0.00133 EPSS
Exploits 0, References 1

CVE
added 2025/08/14 6:21 p.m., 17 views

CVE-2025-54717

CVE-2025-54717 affects the WordPress WP Membership plugin (versions up to 1.6.3). It is a Missing Authorization flaw due to incorrectly configured access control security levels, enabling a settings change vulnerability. Remediation: upgrade WP Membership to a version later than 1.6.3 (per Patchs...

5.4 CVSS, 5.9 AI score, 0.00202 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/08/14 4:54 p.m., 5 views

CVE-2025-55010

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users to instantiate arbitrary PHP objects by modifying the event"data" field in the...

9.1 CVSS, 8.2 AI score, 0.0087 EPSS
Exploits 1, References 1

SUSE Linux
added 2025/08/14 2:35 p.m., 3 views

Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404. CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403. CVE-2025-47806: Fixed stack buffer overflow in SubRip...

5.5 CVSS, 7.9 AI score, 0.00428 EPSS
Exploits 3, References 12

OSV
added 2025/08/14 2:35 p.m., 1 view

SUSE-SU-2025:02796-1 Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser bsc1244404. - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403. - CVE-2025-47806: Fixed stack buffer overflow in SubRi...

5.6 CVSS, 6 AI score, 0.00428 EPSS
Exploits 3, References 7

CVE
added 2025/08/14 9:53 a.m., 25 views

CVE-2025-8047

CVE-2025-8047 pertains to a supply‑chain compromise affecting WordPress plugins Disable-right-click-powered-by-pixterme (through v1.2) and Pixter-Image-Digital-License (through v1.0). The plugins load a compromised JavaScript file from an abandoned S3 bucket, enabling an attacker‑controlled backd...

9.8 CVSS, 7.1 AI score, 0.00413 EPSS
Exploits 0, References 1

Cvelist
added 2025/08/14 9:53 a.m., 7 views

CVE-2025-8047 Multiple Plugins from itayamar - Supply Chain Compromise

The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license through v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparent abandoned S3 bucket. It can be used as a backdoor by those who control it, but it currently displays an alert...

0.00413 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/08/14 9:53 a.m., 1 view

CVE-2025-8047 Multiple Plugins from itayamar - Supply Chain Compromise

The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license through v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparent abandoned S3 bucket. It can be used as a backdoor by those who control it, but it currently displays an alert...

7.1 AI score, 0.00413 EPSS
Exploits 0, References 1

Cvelist
added 2025/08/13 8:54 p.m., 11 views

CVE-2011-10013 Traq 2.0–2.3 admincp/common.php RCE

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...

10 CVSS, 0.01489 EPSS
Exploits 0, References 6

Vulnrichment
added 2025/08/13 8:54 p.m., 4 views

CVE-2011-10013 Traq 2.0–2.3 admincp/common.php RCE

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...

10 CVSS, 8.6 AI score, 0.01489 EPSS
Exploits 0, References 6

NVD
added 2025/08/13 5:15 a.m., 8 views

CVE-2025-7384

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This makes it possible for unauthenticated attackers to inject a P...

9.8 CVSS, 0.01589 EPSS
Exploits 0, References 3

CVE
added 2025/08/13 4:22 a.m., 82 views

CVE-2025-7384

CVE-2025-7384 affects the WordPress plugins Database for Contact Form 7, WPforms, and Elementor forms (up to version 1.4.3). The root cause is PHP Object Injection via deserialization of untrusted input in the get_lead_detail function, enabling unauthenticated attackers to inject PHP objects. The...

9.8 CVSS, 8.7 AI score, 0.01589 EPSS
Exploits 0, References 3

Vulnrichment
added 2025/08/13 4:22 a.m., 3 views

CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the get_lead_detail function. This makes it possible for unauthenticated attackers to inject a P...

9.8 CVSS, 8.7 AI score, 0.01589 EPSS
Exploits 0, References 3

NVD
added 2025/08/13 4:16 a.m., 5 views

CVE-2025-0818

Several WordPress plugins using elFinder versions 2.1.64 and prior are vulnerable to Directory Traversal in various versions. This makes it possible for unauthenticated attackers to delete arbitrary files. Successful exploitation of this vulnerability requires a site owner to explicitly make an...

6.5 CVSS, 0.00697 EPSS
Exploits 0, References 8