Lucene search
K

12889 matches found

Nuclei
Nuclei
added 9 hours ago21 views

Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'planicons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-lev...

6.4CVSS6.2AI score0.00598EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago30 views

WP Pricing Table - Reflected XSS

WP Pricing Table WordPress plugin = 1.1 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft malicious URL. id: CVE-2024-13628 info: name: WP Pricing Table -...

6.1CVSS7AI score0.00641EPSS
Exploits1References1
Nuclei
Nuclei
added 9 hours ago65 views

WordPress ARPrice <3.6.1 - SQL Injection

WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or...

9.8CVSS7.2AI score0.13256EPSS
Exploits1References5
OSV
OSV
added yesterday18 views

MAL-2026-10452 Malicious code in markdown-editable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6b15669732f3eaec42e12c5f8d41a8f74d595fc04f709804de9768cb1719a94 The package's package.json declares a preinstall hook node index.d.js that runs automatically on npm install. The script in index.d.js base64-decodes...

6.2AI score
Exploits0References4
OSV
OSV
added yesterday3 views

MAL-2026-10447 Malicious code in remarkable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 464cab930bcf948abf49517f78a3ee1abb8b89c8f9c90f199bd3446c902d8e1e The package's preinstall script runs index.d.js, which reconstructs the identifier 'eval' from a character-code array 101,118,97,108 and base64-decod...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday7 views

Malicious code in markable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd358271f202636f12507f09da4e8f00c900ba46c9dca25a5a0526d35b75bf1d [email protected] declares scripts.preinstall = 'node index.d.js'. index.d.js base64-decodes an embedded payload and invokes it through an...

6.5AI score
Exploits0References10
OSV
OSV
added yesterday5 views

MAL-2026-10444 Malicious code in markable-table (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd358271f202636f12507f09da4e8f00c900ba46c9dca25a5a0526d35b75bf1d [email protected] declares scripts.preinstall = 'node index.d.js'. index.d.js base64-decodes an embedded payload and invokes it through an...

6.5AI score
Exploits0References10
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43135

The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajaximport410 function in all versions up to 2.6.0. This is due to a missing capability check currentusercan and missing nonce verification...

4.3CVSS6.1AI score0.00213EPSS
Exploits0References8
CVE
CVE
added 4 days ago6 views

CVE-2026-55664

Summary: Grist ≤ 1.7.14 permits reading table/column metadata via GET /forms without enforcing document access rules, potentially exposing widget metadata even in documents with no forms. Impact (as stated): A user with partial read access (including public access on a public document) could reve...

4.3CVSS6.1AI score0.00243EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-55664 Grist: Insufficient access control in the /forms endpoint exposes table metadata

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the document's access rules and did not check that the requested section was actually a form. A user with only partial read access, includin...

4.3CVSS0.00243EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-58492

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escaping, quoting, or whitelisting, allowing attacker-controlled table names passed by consuming plugin ...

9.2CVSS0.00302EPSS
Exploits0References3
CVE
CVE
added 4 days ago7 views

CVE-2026-58492

Technical details are not publicly available in the provided documents. Monitor for updates.

9.2CVSS6.3AI score0.00302EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-58492 grav-plugin-database: SQL Injection in PDO::tableExists() due to Unsanitized Table Name Interpolation

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization, escaping, quoting, or whitelisting, allowing attacker-controlled table names passed by consuming plugin ...

9.2CVSS0.00302EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-54000

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS0.00108EPSS
Exploits0References4
CVE
CVE
added 4 days ago12 views

CVE-2026-55687

CVE-2026-55687 describes a stack-based out-of-bounds write in the Espressif ESF-IDF JPEG decoder marker parsing (jpeg_parse_dqt_marker). The attack uses the attacker-controlled DQT marker Tq nibble as an index into the qt_tbl array without validating it is within 0..3, enabling malformed JPEG inp...

7.5CVSS6.1AI score0.00385EPSS
Exploits0References7
NVD
NVD
added 4 days ago7 views

CVE-2026-58661

n8n before 2.28.0 and before 1.123.58 on the 1.x branch contains a disk space exhaustion vulnerability in the data-table file upload endpoint. The per-request quota check does not account for files already written to the shared temporary directory, allowing an authenticated user to repeatedly...

5.3CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42919

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS6.2AI score0.00108EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-54000 osquery: Heap buffer overflow in `getProcessCurrentDirectory()` via `processes` table (Windows)

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...

7CVSS0.00108EPSS
Exploits0References4
CVE
CVE
added 4 days ago7 views

CVE-2026-54000

CVE-2026-54000 in osquery (Windows) describes a heap buffer out-of-bounds write in getProcessCurrentDirectory() triggered via the processes table by a maliciously crafted process. The unchecked PEB string lengths in process command-line and current-directory reads allow a local attacker with low ...

7CVSS6.2AI score0.00108EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-54001 osquery: Heap buffer overflow via `authenticode` table (Windows)

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the authenticode table targeting a maliciously crafted binary, due to...

7CVSS0.00108EPSS
Exploits0References4
Rows per page
Query Builder