Lucene search
K

382 matches found

Patchstack
Patchstack
added 2025/10/02 9:56 a.m.5 views

WordPress Jock On Air Now (JOAN) plugin <= 6.0.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Jock On Air Now JOAN versions = 6.0.4...

6.5CVSS7AI score0.00249EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/27 10:14 p.m.5 views

Malicious code in mahmoudtest (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 72d145d1c87ce8ee88e57350f32db7041f4a990fa68d1cba09cf285ef03959a8 Any computer that has this package installed or running should be considered...

7AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/26 4:24 p.m.22 views

CVE-2025-59844 Argument injection vulnerability in SonarQube Scan Action

SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0 to before version 6.0.0 when workflows pass user-controlled input to the args parameter on Windows...

7.7CVSS7.4AI score0.01507EPSS
Exploits0References3
CVE
CVE
added 2025/09/26 4:24 p.m.24 views

CVE-2025-59844

The CVE-2025-59844 entry pertains to SonarQube Scan Action (GitHub Action). A command injection vulnerability exists in versions 4.0.0 through before 6.0.0 when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This root cause allows arbitrar...

7.7CVSS7.4AI score0.01507EPSS
Exploits0References3
CVE
CVE
added 2025/09/26 8:31 a.m.10 views

CVE-2025-60139

CVE-2025-60139 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin official-sendle-shipping-method (Sendle Shipping). It affects Sendle Shipping versions from n/a up to and including 6.02. The associated CVSS 3.1 metrics indicate a Medium risk (4.3) with network attack ve...

4.3CVSS5.9AI score0.00131EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.8 views

PT-2025-39662

Name of the Vulnerable Software and Affected Versions SonarQube versions prior to 6.0.0 Description A command injection issue exists in the SonarQube GitHub Action when workflows pass user-controlled input to the args parameter on Windows runners without proper validation. This bypasses a previou...

7.7CVSS7.2AI score0.01507EPSS
Exploits0References13
OSV
OSV
added 2025/09/24 7:21 p.m.4 views

GO-2025-3976 Grafana-Zabbix ReDoS vulnerability in github.com/alexanderzobnin/grafana-zabbix

Grafana-Zabbix ReDoS vulnerability in github.com/alexanderzobnin/grafana-zabbix. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

4.3CVSS6.9AI score0.00323EPSS
Exploits0References4
NVD
NVD
added 2025/09/22 7:15 p.m.4 views

CVE-2025-57977

Cross-Site Request Forgery CSRF vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress flexible-invoices allows Cross Site Request Forgery.This issue affects Flexible PDF Invoices for WooCommerce & WordPress: from n/a through = 6.0.13...

7.1CVSS0.00144EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/18 12:0 a.m.7 views

PT-2025-38303

Name of the Vulnerable Software and Affected Versions invokeai versions v6.0.0a1 and below Description A vulnerability allows attackers to perform path traversal and arbitrary file deletion. This is achieved via the GET /api/v1/images/download/bulk download item name endpoint by manipulating the...

9.8CVSS7.5AI score0.00353EPSS
Exploits0References15
Snyk
Snyk
added 2025/09/11 6:35 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via a permissive API. An attacker can retrieve unauthorized workflow definitions by specifying their names through crafted API requests. Remediation Upgrade...

5.3CVSS6.6AI score0.00234EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-1010016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr 6.0.4 is affected by: Cross Site Scripting XSS. The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is:...

6.1CVSS6AI score0.0098EPSS
Exploits1References2
Snyk
Snyk
added 2025/09/09 10:46 p.m.3 views

Arbitrary Code Injection

Overview pyinstaller is a package that bundles a Python application and all its dependencies into a single package Affected versions of this package are vulnerable to Arbitrary Code Injection in the bootstrap process. An attacker can achieve arbitrary code execution by placing malicious files or...

7CVSS7.8AI score0.00114EPSS
Exploits0References2
CVE
CVE
added 2025/09/09 10:28 p.m.26 views

CVE-2025-59042

CVE-2025-59042 is a PyInstaller-related issue. In PyInstaller builds older than 6.0.0, the bootstrap process appends a special entry to sys.path and may load an optional bytecode-decryption module, enabling an unprivileged attacker to execute arbitrary Python code if they can place a file/dir nex...

7CVSS7.2AI score0.00114EPSS
Exploits0References2
CVE
CVE
added 2025/09/05 8:26 p.m.27 views

CVE-2025-10059

Summary: A vulnerability in MongoDB where an improper setting of the lsid field on a sharded query can crash MongoDB routers. Root cause: mis-handling of a generic argument (lsid) when not applicable. Affected versions: MongoDB Server 6.0.x before 6.0.24; 7.0.x before 7.0.18; 8.0.x before 8.0.6. ...

6.5CVSS6.3AI score0.00254EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-21441

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Atta...

7.5CVSS6.1AI score0.01216EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-3016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function...

6.5CVSS5.4AI score0.00581EPSS
Exploits1References3
OSV
OSV
added 2025/08/25 12:45 p.m.1 views

SUSE-SU-2025:20626-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_11

This update for kernel-livepatch-MICRO-6-0-RTUpdate11 fixes the following issues: This is the initial livepatch for the Update 11 of the RT Kernel for SL Micro 6.0 and 6.1...

5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/14 10:34 a.m.1 views

CVE-2025-50031 WordPress DB Backup <= 6.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in syedamirhussain91 DB Backup db-backup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DB Backup: from n/a through = 6.0...

6.5CVSS5.1AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 10:34 a.m.15 views

CVE-2025-50031

CVE-2025-50031 concerns the WordPress plugin DB Backup, specifically versions through 6.0. The issue is a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control security levels, potentially enabling unauthorized access. According to Patchstack/...

6.5CVSS5.9AI score0.00294EPSS
In wildExploits0References1
CNNVD
CNNVD
added 2025/08/14 12:0 a.m.4 views

WordPress plugin SMM API 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

7.1CVSS4.5AI score0.0026EPSS
Exploits0References1
Rows per page
Query Builder