
7 matches found

VulnCheck KEV
added 2023/12/03 12:0 a.m., 2 views

VulnCheck KEV: CVE-2022-0679

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the libpath parameter before it is passed into a call to require via the narnoodistributorlibrequest AJAX action available to both unauthenticated and authenticated users which results in the disclosure...

9.8 CVSS, 7.3 AI score, 0.84482 EPSS
Exploits: 2, References: 1

Github Security Blog
added 2020/09/04 6:4 p.m., 22 views

Remote Code Execution in next

Versions of next prior to 5.1.0 are vulnerable to Remote Code Execution. The /path: route fails to properly sanitize input and passes it to a require call. This allows attackers to execute JavaScript code on the server. Note that prior version 0.9.9 package next npm package hosted a different...

4.1 AI score
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2020/09/03 8:28 p.m., 10 views

GHSA-88H9-FC6V-JCW7 Unintended Require in larvitbase-www

All versions of larvitbase-www are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to a require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation No fix is currently...

7.3 AI score
Exploits: 0, References: 2

Github Security Blog
added 2020/09/03 8:28 p.m., 19 views

Unintended Require in larvitbase-www

All versions of larvitbase-www are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to a require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation No fix is currently...

5.8 AI score
Exploits: 0, References: 3, Affected Software: 1

Github Security Blog
added 2020/09/03 6:14 p.m., 16 views

Local File Inclusion in domokeeper

All versions of domokeeper are vulnerable to Local File Inclusion. The /plugin/ route passes a GET parameter unsanitized to a require call. It then returns the output of require in the server response. This may allow attackers to load unintended code in the application. It also allows attackers t...

3.6 AI score
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2019/09/11 11:3 p.m., 14 views

GHSA-XF27-JQWV-GF3R Unintended Require in larvitbase-api

Versions of larvitbase-api prior to 0.5.4 are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to a require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation Upgrade to...

7.5 CVSS, 7.6 AI score, 0.00175 EPSS
Exploits: 1, References: 3

Node.js
added 2019/07/17 7:41 p.m., 22 views

Local File Inclusion

Overview All versions of domokeeper are vulnerable to Local File Inclusion. The /plugin/ route passes a GET parameter unsanitized to a require call. It then returns the output of require in the server response. This may allow attackers to load unintended code in the application. It also allows...

6.8 AI score
Exploits: 0, Affected Software: 1