485 matches found
WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting
The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. id: CVE-2019-9881 info: name: WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting author: intelligent-ears severity:...
CVE-2026-12406
The CVE concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration” (WPUF). All versions up to 4.3.7 are affected by an authorization bypass that allows unauthenticated attackers to delete arbitrary media attachments with pos...
CVE-2026-24249
creationtimestamp| type| source ---|---|--- 2026-07-01 16:40:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mplxhlf3fn27 2026-07-02 04:35:23+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpn7f2xoll2b...
CVE-2026-54814
creationtimestamp| type| source ---|---|--- 2026-06-29 20:16:06+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mphckhdxdj26...
CVE-2026-57589
creationtimestamp| type| source ---|---|--- 2026-06-25 02:29:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp3f447rn42l 2026-07-08 01:10:04+00:00| seen| https://bsky.app/profile/lobsters-feed.bsky.social/post/3mq3wpi5hat2y 2026-07-08 10:01:20+00:00| seen|...
MAL-2026-6404 Malicious code in syco1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e43be65a0930b121cf4d610c70b2d07165e4d335dece4344590b471d078fa5b5 Package self-describes as a 'System binary configuration tool' but ships a covert screen and clipboard surveillance overlay. pointer.py captures...
MAL-2026-6396 Malicious code in signup-embedder (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c48f398f700b78d1893db4570d5d6f16985d937ee79677aab97e673a1cf86e7e [email protected] ships preinstall.js and postinstall.js lifecycle scripts that auto-execute on npm install. preinstall.js collects...
CVE-2026-9595
creationtimestamp| type| source ---|---|--- 2026-06-15 14:51:06+00:00| seen| https://bsky.app/profile/bjohansebas.me/post/3modjudajts2z 2026-06-15 15:06:59+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3modkqrbuns27 2026-06-17 18:51:46+00:00| seen|...
EUVD-2026-36586
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...
Malicious code in qa-handoff (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4939e56124668b7d03f9e2a96dfbfedba53e24aaa5d2190e298547e724b1f851 On npm install, the package automatically executes lib/setup.js via the postinstall lifecycle hook. The script spawns a detached Node process that...
CVE-2026-47908
creationtimestamp| type| source ---|---|--- 2026-06-09 22:01:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnv74zhxah2s...
Malicious code in ipy-rev-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 591a0d253aee02115544f9bcac7609e62d8c18a9ac60cc4967d7d6e8c7f7d555 On npm install, index.js runs as a preinstall hook and POSTs hostname, username, platform, architecture, cwd, CI flags, and npm user-agent to...
CVE-2026-3637
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...
CVE-2026-46605
creationtimestamp| type| source ---|---|--- 2026-05-31 18:03:18+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mn65mbrzk32l...
CVE-2026-46402
creationtimestamp| type| source ---|---|--- 2026-05-27 23:06:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmumods67b2r 2026-05-28 02:33:22+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mmuyanmsf327 2026-05-28 06:00:29+00:00| seen|...
CVE-2026-2254
creationtimestamp| type| source ---|---|--- 2026-05-27 05:17:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmsqwkq3f22e...
PT-2026-42751
Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description Authenticated users with file upload or posting permissions can cause a denial of service resulting in server Out of Memory O...
CVE-2026-9126
creationtimestamp| type| source ---|---|--- 2026-05-20 20:17:06+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116608743862604761 2026-05-20 22:40:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmcxxhekzf2k 2026-05-21 17:07:07+00:00| seen|...
CVE-2026-47068
creationtimestamp| type| source ---|---|--- 2026-05-20 11:02:29+00:00| published-proof-of-concept| https://github.com/phenixdigital/phoenixstorybook/security/advisories/GHSA-mrhx-6pw9-q5fh 2026-05-20 15:28:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmc7sv2h5b2h 2026-06-09...
Malicious code in @solarcraft/observix (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14c39608a172a624520f309b572b40636dc51563f85fe89dac968712490dd40f The package advertises itself as a zero-dependency colorized logger similar to pino-pretty, but dist/index.js does require'./logger' purely for its...