101391 matches found

RedhatCVE
added 2 hours ago, 3 views

CVE-2026-58038

A flaw was found in the Wikimedia Foundation Timeline component. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject malicious scripts into web pages. Successful exploitation could lead to significant impacts such as information disclosure, session hijacking, or...

0.0024 EPSS
Exploits: 0, References: 4
NVD
added 7 hours ago, 7 views

CVE-2026-14327

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5 CVSS
Exploits: 0, References: 6
ATTACKERKB
added 8 hours ago, 5 views

CVE-2026-14327

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 7
CVE
added 8 hours ago, 10 views

CVE-2026-14327

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to and including 8.40 via the 'file' parameter. Unauthenticated attackers can read arbitrary server files. Exploitation requires obtaining a valid nonce via ar_get_fresh_nonce and ar_process_user_ima...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 6
Cvelist
added 8 hours ago, 10 views

CVE-2026-14327 AR for WordPress <= 8.40 - Unauthenticated Arbitrary File Read via 'file' Parameter

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5 CVSS
Exploits: 0, References: 6
EUVD
added 8 hours ago, 8 views

EUVD-2026-41471

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 6
Positive Technologies
added 10 hours ago, 7 views

PT-2026-55444

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 7
F5 Networks
added yesterday, 3 views

K000161886: NPM CLI vulnerabilities CVE-2019-16775, CVE-2019-16776, and CVE-2019-16777

Security Advisory Description CVE-2019-16775 Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the...

8.1 CVSS, 5.9 AI score, 0.03342 EPSS
Exploits: 0, Affected Software: 12
RedhatCVE
added yesterday, 4 views

CVE-2026-54265

A flaw was found in Angular's @angular/compiler package. When a native DOM property requiring sanitization is bound using two-way binding syntax, the template compiler fails to apply the appropriate sanitizer. An attacker who controls the bound value can bypass Angular's built-in sanitization,...

6.1 CVSS, 5.5 AI score, 0.00195 EPSS
Exploits: 0, References: 6
OSSF Malicious Packages
added yesterday, 5 views

Malicious code in horde-python-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ad72fe1fdc56e7fb5716a906fb8481bfe1e477d2f97c649d5db853a79130628a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9 AI score
Exploits: 0, References: 1
OSV
added yesterday, 3 views

MAL-2026-6734 Malicious code in horde-python-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ad72fe1fdc56e7fb5716a906fb8481bfe1e477d2f97c649d5db853a79130628a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added yesterday, 4 views

Malicious code in epic-build-scripts (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 93043b3f00a64c66fb0680256387471b656f222556c282c9cb1680347f14fae8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9 AI score
Exploits: 0, References: 1
OSV
added yesterday, 3 views

MAL-2026-6733 Malicious code in epic-build-scripts (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 93043b3f00a64c66fb0680256387471b656f222556c282c9cb1680347f14fae8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added yesterday, 4 views

Malicious code in ue-python-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9494382fb3885f95987ec830f096aac6cde589cac9485b6a347bafed9a8a7e39 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9 AI score
Exploits: 0, References: 1
OSV
added yesterday, 3 views

MAL-2026-6735 Malicious code in ue-python-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9494382fb3885f95987ec830f096aac6cde589cac9485b6a347bafed9a8a7e39 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added yesterday, 4 views

Malicious code in unreal-mladapter (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b8b4f17043a9c57ea2087c59c771151186c117ab64cbf5c45df85df62469aa89 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9 AI score
Exploits: 0, References: 1
OSV
added yesterday, 3 views

MAL-2026-6736 Malicious code in unreal-mladapter (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b8b4f17043a9c57ea2087c59c771151186c117ab64cbf5c45df85df62469aa89 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9 AI score
Exploits: 0, References: 1
Github Security Blog
added yesterday, 5 views

9router: Missing Authorization and OS Command Injection

Unauthenticated RCE via /api/tunnel/tailscale-install Affected: 9router npm package — current master v0.4.39. Summary POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawn...

5.9 AI score
Exploits: 0, References: 2, Affected Software: 1
OSV
added yesterday, 5 views

GHSA-G6G7-PVMX-M74P 9router: Missing Authorization and OS Command Injection

Unauthenticated RCE via /api/tunnel/tailscale-install Affected: 9router npm package — current master v0.4.39. Summary POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawn...

9.2 CVSS, 5.9 AI score
Exploits: 0, References: 2
GithubExploit
added yesterday, 26 views

Exploit for Unrestricted Upload of File with Dangerous Type in Devcode Openstamanager

CVE-2026-38751 – OpenSTAManager Arbitrary File Upload PoC T...

7.2 CVSS, 6.6 AI score, 0.00372 EPSS
Exploits: 5