101391 matches found
CVE-2026-58038
A flaw was found in the Wikimedia Foundation Timeline component. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject malicious scripts into web pages. Successful exploitation could lead to significant impacts such as information disclosure, session hijacking, or...
CVE-2026-14327
The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...
CVE-2026-14327
The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to and including 8.40 via the 'file' parameter. Unauthenticated attackers can read arbitrary server files. Exploitation requires obtaining a valid nonce via ar_get_fresh_nonce and ar_process_user_ima...
CVE-2026-14327 AR for WordPress <= 8.40 - Unauthenticated Arbitrary File Read via 'file' Parameter
The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...
EUVD-2026-41471
The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...
PT-2026-55444
The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...
K000161886: NPM CLI vulnerabilities CVE-2019-16775, CVE-2019-16776, and CVE-2019-16777
Security Advisory Description. CVE-2019-16775: Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of the node_modules folder through the bin field upon installation. A properly constructed entry in the...
CVE-2026-54265
A flaw was found in Angular's @angular/compiler package. When a native DOM property requiring sanitization is bound using two-way binding syntax, the template compiler fails to apply the appropriate sanitizer. An attacker who controls the bound value can bypass Angular's built-in sanitization,...
Malicious code in horde-python-client (PyPI)
Source: kam193 ad72fe1fdc56e7fb5716a906fb8481bfe1e477d2f97c649d5db853a79130628a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2026-6734 Malicious code in horde-python-client (PyPI)
Source: kam193 ad72fe1fdc56e7fb5716a906fb8481bfe1e477d2f97c649d5db853a79130628a Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Malicious code in epic-build-scripts (PyPI)
Source: kam193 93043b3f00a64c66fb0680256387471b656f222556c282c9cb1680347f14fae8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2026-6733 Malicious code in epic-build-scripts (PyPI)
Source: kam193 93043b3f00a64c66fb0680256387471b656f222556c282c9cb1680347f14fae8 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Malicious code in ue-python-tools (PyPI)
Source: kam193 9494382fb3885f95987ec830f096aac6cde589cac9485b6a347bafed9a8a7e39 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2026-6735 Malicious code in ue-python-tools (PyPI)
Source: kam193 9494382fb3885f95987ec830f096aac6cde589cac9485b6a347bafed9a8a7e39 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
Malicious code in unreal-mladapter (PyPI)
Source: kam193 b8b4f17043a9c57ea2087c59c771151186c117ab64cbf5c45df85df62469aa89 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
MAL-2026-6736 Malicious code in unreal-mladapter (PyPI)
Source: kam193 b8b4f17043a9c57ea2087c59c771151186c117ab64cbf5c45df85df62469aa89 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...
9router: Missing Authorization and OS Command Injection
Unauthenticated RCE via /api/tunnel/tailscale-install. Affected: 9router npm package — current master v0.4.39. Summary: POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawn...
GHSA-G6G7-PVMX-M74P 9router: Missing Authorization and OS Command Injection
Unauthenticated RCE via /api/tunnel/tailscale-install. Affected: 9router npm package — current master v0.4.39. Summary: POST /api/tunnel/tailscale-install accepts a JSON body with a sudoPassword field and pipes it, followed by the body of https://tailscale.com/install.sh, into a child process spawn...
Exploit for Unrestricted Upload of File with Dangerous Type in Devcode Openstamanager
CVE-2026-38751 – OpenSTAManager Arbitrary File Upload PoC T...