Lucene search
K

485 matches found

Nuclei
Nuclei
added 13 hours ago24 views

WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting

The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. id: CVE-2019-9881 info: name: WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting author: intelligent-ears severity:...

5.3CVSS6.5AI score0.18832EPSS
Exploits3References4
CVE
CVE
added 6 days ago11 views

CVE-2026-12406

The CVE concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration” (WPUF). All versions up to 4.3.7 are affected by an authorization bypass that allows unauthenticated attackers to delete arbitrary media attachments with pos...

5.3CVSS5.9AI score0.00323EPSS
Exploits0References10
Circl
Circl
added 2026/07/01 4:40 p.m.10 views

CVE-2026-24249

creationtimestamp| type| source ---|---|--- 2026-07-01 16:40:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mplxhlf3fn27 2026-07-02 04:35:23+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpn7f2xoll2b...

7.8CVSS5.8AI score0.00164EPSS
Exploits0References2
Circl
Circl
added 2026/06/29 8:16 p.m.8 views

CVE-2026-54814

creationtimestamp| type| source ---|---|--- 2026-06-29 20:16:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mphckhdxdj26...

8.1CVSS5.8AI score0.00337EPSS
Exploits0References1
Circl
Circl
added 2026/06/25 2:29 a.m.8 views

CVE-2026-57589

creationtimestamp| type| source ---|---|--- 2026-06-25 02:29:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp3f447rn42l 2026-07-08 01:10:04+00:00| seen| https://bsky.app/profile/lobsters-feed.bsky.social/post/3mq3wpi5hat2y 2026-07-08 10:01:20+00:00| seen|...

7.8CVSS6.1AI score0.00116EPSS
Exploits0References14
OSV
OSV
added 2026/06/24 10:18 p.m.4 views

MAL-2026-6404 Malicious code in syco1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e43be65a0930b121cf4d610c70b2d07165e4d335dece4344590b471d078fa5b5 Package self-describes as a 'System binary configuration tool' but ships a covert screen and clipboard surveillance overlay. pointer.py captures...

6AI score
Exploits0References4
OSV
OSV
added 2026/06/24 2:5 p.m.12 views

MAL-2026-6396 Malicious code in signup-embedder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c48f398f700b78d1893db4570d5d6f16985d937ee79677aab97e673a1cf86e7e [email protected] ships preinstall.js and postinstall.js lifecycle scripts that auto-execute on npm install. preinstall.js collects...

5.8AI score
Exploits0References4
Circl
Circl
added 2026/06/15 2:51 p.m.13 views

CVE-2026-9595

creationtimestamp| type| source ---|---|--- 2026-06-15 14:51:06+00:00| seen| https://bsky.app/profile/bjohansebas.me/post/3modjudajts2z 2026-06-15 15:06:59+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3modkqrbuns27 2026-06-17 18:51:46+00:00| seen|...

5.3CVSS4.9AI score0.00163EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 8:23 p.m.9 views

EUVD-2026-36586

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...

5.4CVSS5.3AI score0.00148EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 4:36 a.m.14 views

Malicious code in qa-handoff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4939e56124668b7d03f9e2a96dfbfedba53e24aaa5d2190e298547e724b1f851 On npm install, the package automatically executes lib/setup.js via the postinstall lifecycle hook. The script spawns a detached Node process that...

5.5AI score
Exploits0References1
Circl
Circl
added 2026/06/09 10:1 p.m.14 views

CVE-2026-47908

creationtimestamp| type| source ---|---|--- 2026-06-09 22:01:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnv74zhxah2s...

7.8CVSS5.3AI score0.00161EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 8:21 p.m.16 views

Malicious code in ipy-rev-proxy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 591a0d253aee02115544f9bcac7609e62d8c18a9ac60cc4967d7d6e8c7f7d555 On npm install, index.js runs as a preinstall hook and POSTs hostname, username, platform, architecture, cwd, CI flags, and npm user-agent to...

5.6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.12 views

CVE-2026-3637

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References1
Circl
Circl
added 2026/05/31 6:3 p.m.16 views

CVE-2026-46605

creationtimestamp| type| source ---|---|--- 2026-05-31 18:03:18+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mn65mbrzk32l...

4.3CVSS5.8AI score0.00335EPSS
Exploits0References1
Circl
Circl
added 2026/05/27 11:6 p.m.17 views

CVE-2026-46402

creationtimestamp| type| source ---|---|--- 2026-05-27 23:06:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmumods67b2r 2026-05-28 02:33:22+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mmuyanmsf327 2026-05-28 06:00:29+00:00| seen|...

8.1CVSS5.8AI score0.00674EPSS
Exploits0References4
Circl
Circl
added 2026/05/27 5:17 a.m.12 views

CVE-2026-2254

creationtimestamp| type| source ---|---|--- 2026-05-27 05:17:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmsqwkq3f22e...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.14 views

PT-2026-42751

Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description Authenticated users with file upload or posting permissions can cause a denial of service resulting in server Out of Memory O...

6.8CVSS5.8AI score0.00245EPSS
Exploits0References11
Circl
Circl
added 2026/05/20 8:17 p.m.11 views

CVE-2026-9126

creationtimestamp| type| source ---|---|--- 2026-05-20 20:17:06+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116608743862604761 2026-05-20 22:40:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmcxxhekzf2k 2026-05-21 17:07:07+00:00| seen|...

8.8CVSS5.8AI score0.00396EPSS
Exploits0References7
Circl
Circl
added 2026/05/20 11:2 a.m.12 views

CVE-2026-47068

creationtimestamp| type| source ---|---|--- 2026-05-20 11:02:29+00:00| published-proof-of-concept| https://github.com/phenixdigital/phoenixstorybook/security/advisories/GHSA-mrhx-6pw9-q5fh 2026-05-20 15:28:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmc7sv2h5b2h 2026-06-09...

2.3CVSS5.8AI score0.00449EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 1:10 a.m.14 views

Malicious code in @solarcraft/observix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14c39608a172a624520f309b572b40636dc51563f85fe89dac968712490dd40f The package advertises itself as a zero-dependency colorized logger similar to pino-pretty, but dist/index.js does require'./logger' purely for its...

5.8AI score
Exploits0References1
Rows per page
Query Builder