Lucene search
K

597 matches found

OSV
OSV
added 2026/03/16 10:13 a.m.5 views

MAL-2026-1464 Malicious code in pretty-changelog-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b9f609acf299244364375bad1f58bc65eb5c8b17ca7e9bc92de94aff7e975c The package pretty-changelog-logger was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Snyk
Snyk
added 2026/03/16 10:13 a.m.2 views

Malicious Package

Overview pretty-changelog-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/16 10:13 a.m.8 views

Malicious code in pretty-changelog-logger (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 64b9f609acf299244364375bad1f58bc65eb5c8b17ca7e9bc92de94aff7e975c The package pretty-changelog-logger was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.5 views

Amazon Linux 2023 : javapackages-bootstrap (ALAS2023-2026-1449)

"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1449 advisory. AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in...

9.1CVSS7.2AI score0.00542EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-22893

SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails...

6.9CVSS5.9AI score0.00157EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/13 8:55 p.m.12 views

rPGP's integrity protection of encrypted data was not always checked

Summary For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details When decrypting SEIPD Symmetrically Encrypted and Integrity Protected Data Packet, rPGP previously did not under all circumstances report the absence of valid...

5.5AI score
Exploits0References2Affected Software1
Fedora
Fedora
added 2026/02/11 1:0 a.m.8 views

[SECURITY] Fedora 42 Update: rust-pretty-git-prompt-0.2.2-9.fc42

Your current git repository information inside a beautiful shell prompt...

7.5CVSS5.4AI score0.00443EPSS
Exploits1
Veracode
Veracode
added 2026/01/29 8:48 a.m.10 views

Server-Side Template Injection

fof/pretty-mail is vulnerable to Server-Side Template Injection. The vulnerability is due to improper validation and sanitization of email template inputs, which allows an attacker with administrative access to inject malicious template expressions and execute arbitrary system commands during ema...

8.6CVSS6.1AI score0.00504EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/01/26 10:19 p.m.25 views

CVE-2026-24400 AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion

AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes...

8.2CVSS0.00542EPSS
Exploits0References4
OSV
OSV
added 2026/01/26 9:31 p.m.3 views

GHSA-RQFH-9R24-8C9R AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion

An XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes DocumentBuilderFactory with default settings, without disabling DTDs or external entities. This formatter is used by the isXmlEqualToCharSequence...

8.2CVSS7AI score0.00542EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/01/26 9:31 p.m.14 views

AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion

An XML External Entity XXE vulnerability exists in org.assertj.core.util.xml.XmlStringPrettyFormatter: the toXmlDocumentString method initializes DocumentBuilderFactory with default settings, without disabling DTDs or external entities. This formatter is used by the isXmlEqualToCharSequence...

9.1CVSS5.9AI score0.00542EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/01/22 12:10 a.m.8 views

OSV-2026-108 UNKNOWN in rapidjson::PrettyWriter<rapidjson::GenericStringBuffer<rapidjson::UTF8<char>, ra

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=477111546 Crash type: UNKNOWN Crash state: rapidjson::PrettyWriter, ra bool rapidjson::GenericValue, rapidjson::MemoryPoolAllocat bool rapidjson::GenericValue, rapidjson::MemoryPoolAllocat...

5.7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:32 a.m.4 views

CVE-2023-25452

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Michael Pretty prettyboymp CMS Press plugin = 0.2.3 versions...

5.9CVSS5.2AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.4 views

CVE-2022-23628

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree AST that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths...

6.3CVSS6.7AI score0.0103EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:3 a.m.9 views

CVE-2024-39626

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rob @ 5 Star Plugins Pretty Simple Popup Builder pretty-simple-popup-builder allows Stored XSS.This issue affects Pretty Simple Popup Builder: from n/a through = 1.0.9...

5.9CVSS5.9AI score0.0026EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/20 6:30 a.m.4 views

EUVD-2025-204629

The Pretty Google Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the pgcalajaxhandler function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to retrieve the Google API key set in t...

5.3CVSS4.9AI score0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/20 3:20 a.m.30 views

CVE-2025-12898 Pretty Google Calendar <= 2.0.0 - Missing Authorization to Unauthenticated Google API Key Exposure

The Pretty Google Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the pgcalajaxhandler function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to retrieve the Google API key set in t...

5.3CVSS0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/20 3:20 a.m.2 views

CVE-2025-12898 Pretty Google Calendar <= 2.0.0 - Missing Authorization to Unauthenticated Google API Key Exposure

The Pretty Google Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the pgcalajaxhandler function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to retrieve the Google API key set in t...

5.3CVSS4.9AI score0.00231EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/20 12:0 a.m.4 views

WordPress plugin Pretty Google Calendar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.3AI score0.00231EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/20 12:0 a.m.8 views

PT-2025-52535

Name of the Vulnerable Software and Affected Versions Pretty Google Calendar plugin for WordPress versions prior to 2.0.1 Description The Pretty Google Calendar plugin for WordPress is susceptible to unauthorized data access. This is due to a missing capability check within the pgcal ajax handler...

5.3CVSS6.2AI score0.00231EPSS
Exploits0References6
Rows per page
Query Builder