Lucene search
K

105 matches found

Nuclei
Nuclei
added yesterday17 views

WordPress midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload

WordPress midi-Synth plugin \u003C= 1.1.0 contains an unrestricted file upload vulnerability caused by missing file type and extension validation in the 'export' AJAX action, letting unauthenticated attackers upload arbitrary files and potentially execute remote code, exploit requires attacker to...

9.8CVSS6.2AI score0.04458EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed wild-memory-access in registersynthevent. In registersynthevent, if setsyntheventprintfmt fails, then both traceremoveeventcall and unregisterTraceEvent will be called. This means that traceeventcall will call...

7.1CVSS6.2AI score0.0017EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Tracing: A memory leak was fixed in testgensynthcmd and testemptysynthevent. In testgensynthcmd, the buffer is freed only in the “fail” path. Therefore, the buffer may be leaked when there is no failure. Adding kfreebuf preven...

5.5CVSS6.5AI score0.00165EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 7:7 a.m.15 views

Malicious code in class-synth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aa63407d7400b4819d0739dedad0a32d9ae29b18509693c2e8763cf30275271 class-synth is advertised as a small class/style/date utility library, but its main entry dist/index.js contains a hidden top-level async IIFE init...

5.4AI score
Exploits0References8
OSV
OSV
added 2026/06/13 7:7 a.m.12 views

MAL-2026-5730 Malicious code in class-synth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aa63407d7400b4819d0739dedad0a32d9ae29b18509693c2e8763cf30275271 class-synth is advertised as a small class/style/date utility library, but its main entry dist/index.js contains a hidden top-level async IIFE init...

5.4AI score
Exploits0References8
vulnersOsv
vulnersOsv
added 2026/05/18 8:22 p.m.7 views

crm-automator (>=1.9.5 <=1.11.5), ex4nicegui (=0.9.0) +3 more potentially affected by CVE-2026-45554 via nicegui (>=3.0.4 <=3.10.0)

nicegui PYPI version =3.0.4, =1.9.5, =1.0.0, =12.22.3, =12.22.5 Source cves: CVE-2026-45554 Source advisory: SNYK:PYTHON-NICEGUI-16757878...

5.3CVSS5.4AI score0.00343EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2026/04/29 12:0 a.m.3 views

The vulnerabilities of the functions trace_string() and trace_event_rawevent_synth() in the kernel/trace/trace_events_synth.c module, which support Linux’s kernel tracing mechanism, allow a hacker to cause a system failure.

The vulnerability of the tracestring and traceeventraweventsynth functions in the kernel/trace/traceeventssynth.c module, which support kernel tracing in Linux operating systems, is related to incorrect input validation. Exploiting this vulnerability could allow an attacker to cause a system...

5.5CVSS7AI score0.00149EPSS
Exploits0References12Affected Software4
GithubExploit
GithubExploit
added 2026/04/28 4:27 p.m.105 views

Exploit for CVE-2026-1306

CVE-2026-1306 — midi-Synth WordPress WordPress midi-Synth...

9.8CVSS5.2AI score0.04458EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006637)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006637 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Fix wild-memory-access in registersynthevent In registersynthevent, if...

7.1CVSS5.8AI score0.0017EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/15 10:12 p.m.9 views

WordPress midi-Synth plugin <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action vulnerability

Unauthenticated Arbitrary File Upload via 'export' AJAX Action vulnerability discovered by WordFence in WordPress Plugin midi-Synth versions = 1.1.0...

9.8CVSS5.4AI score0.04458EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.13 views

CVE-2026-1306

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...

9.8CVSS6.6AI score0.04458EPSS
Exploits1References1
NVD
NVD
added 2026/02/14 7:16 a.m.15 views

CVE-2026-1306

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...

9.8CVSS0.04458EPSS
Exploits1References6
NVD
NVD
added 2026/02/14 7:16 a.m.7 views

CVE-2026-0736

The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS0.00255EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/14 6:42 a.m.32 views

CVE-2026-0736 Chatbot for WordPress by Collect.chat ⚡️ <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Field

The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS0.00255EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/14 6:42 a.m.8 views

CVE-2026-0736

The Chatbot for WordPress by Collect.chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'inpostheadscriptsynthheaderscript' post meta field in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping. This makes it possible fo...

6.4CVSS5.7AI score0.00255EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/14 6:42 a.m.4 views

CVE-2026-1306 midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...

9.8CVSS6.6AI score0.04458EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/14 6:42 a.m.5 views

CVE-2026-1306

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...

9.8CVSS6.6AI score0.04458EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/14 6:42 a.m.103 views

CVE-2026-1306 midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload via 'export' AJAX Action

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affecte...

9.8CVSS0.04458EPSS
Exploits1References6
CVE
CVE
added 2026/02/14 6:42 a.m.41 views

CVE-2026-1306

The MIDI-Synth WordPress plugin (

9.8CVSS6.6AI score0.04458EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.8 views

WordPress plugin midi-Synth 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS6AI score0.04458EPSS
Exploits1References5
Rows per page
Query Builder