Lucene search
+L

343 matches found

Snyk
Snyk
added 2026/02/18 9:50 p.m.6 views

SQL Injection

Overview ghost is a publishing platform Affected versions of this package are vulnerable to SQL Injection in the the slug filter ordering logic in the Content API. An attacker can access and read arbitrary data from the database by injecting crafted SQL queries through the filter parameter in API...

9.4CVSS6.2AI score0.69996EPSS
Exploits7References2
ATTACKERKB
ATTACKERKB
added 2026/01/28 8:7 p.m.7 views

CVE-2026-23743

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...

6.9CVSS5.9AI score0.00245EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/28 8:7 p.m.5 views

CVE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, permalinks pointing to access-restricted resources private topics, categories, posts, or hidden tags were redirecting users to URLs containing the resource slug, even when the user...

6.9CVSS5.9AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/01/24 8:16 a.m.8 views

CVE-2026-1257

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'gettemplate' shortcode. This is due to insufficient path validation on user-supplied input passed to the gettemplatepart function...

7.5CVSS0.00678EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.4 views

CVE-2026-1257 Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'gettemplate' shortcode. This is due to insufficient path validation on user-supplied input passed to the gettemplatepart function...

7.5CVSS6.4AI score0.00678EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.35 views

CVE-2026-1257 Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'gettemplate' shortcode. This is due to insufficient path validation on user-supplied input passed to the gettemplatepart function...

7.5CVSS0.00678EPSS
Exploits0References4
CVE
CVE
added 2026/01/24 7:26 a.m.28 views

CVE-2026-1257

CVE-2026-1257 affects the WordPress Administrative Shortcodes plugin (versions

7.5CVSS6.5AI score0.00678EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/24 3:7 a.m.8 views

WordPress Administrative Shortcodes plugin <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute vulnerability

Authenticated Contributor+ Local File Inclusion via 'slug' Shortcode Attribute vulnerability discovered by zaim in WordPress Plugin Administrative Shortcodes versions = 0.3.4...

7.5CVSS5.4AI score0.00678EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.14 views

PT-2026-4588

The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'get template' shortcode. This is due to insufficient path validation on user-supplied input passed to the get template part functio...

7.5CVSS6.5AI score0.00678EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.8 views

CVE-2019-12434

An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure...

4.3CVSS6.5AI score0.00751EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/19 6:31 a.m.8 views

EUVD-2025-198120

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directoristpreparelistingsexportfile' and 'directoristtypeslugchange' AJAX actions in all versions up to, and...

6.5CVSS4.7AI score0.00192EPSS
Exploits0References3
NVD
NVD
added 2025/11/19 6:15 a.m.13 views

CVE-2025-12174

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'directoristpreparelistingsexportfile' and 'directoristtypeslugchange' AJAX actions in all versions up to, and...

6.5CVSS0.00192EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/11/18 11:40 p.m.9 views

WordPress Directorist plugin <= 8.5.2 - Missing Authorization to Authenticated (Subscriber+) Data Export and Slug Update vulnerability

Missing Authorization to Authenticated Subscriber+ Data Export and Slug Update vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Directorist versions = 8.5.2...

6.5CVSS7AI score0.00192EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/11/12 3:4 a.m.3 views

EUVD-2025-117474

Malicious code in concerned-purple-slug npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/12 3:4 a.m.1 views

EUVD-2025-117191

Malicious code in only-tomato-slug npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 10:56 p.m.3 views

Malicious code in latin_slug_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9588bd5298ae71d3e6ffa2fd6e153a8c2fd654a4b0a6a9604e58439ad26149b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/11 10:56 p.m.3 views

Malicious code in voluntary_slug_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cec595ac9ae7dfc1b37c7e19efe674523a37d35b42ec7643cfa52cbd738b5cf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/11 8:46 p.m.2 views

MAL-2025-130130 Malicious code in silky_slug_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 75d4ec88866f4d08ca5b0047db14094b7b2b3c6ceaefedb60eb5687cc439f52c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:11 p.m.2 views

EUVD-2025-93888

Malicious code in yabberingslugz3n npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/11 8:11 p.m.2 views

EUVD-2025-95123

Malicious code in seriousslugz3n npm...

6.6AI score
Exploits0
Rows per page
Query Builder