Lucene search
+L

1233 matches found

nuclei
nuclei
added yesterday12 views

WordPress TS Poll < 2.4.0 - SQL Injection

WordPress TS Poll plugin 2.4.0 contains a SQL injection caused by lack of sanitization and escaping of a parameter before using it in a SQL statement, letting attackers perform SQL injection attacks, exploit requires admin privileges. id: CVE-2024-8625 info: name: WordPress TS Poll 2.4.0 - SQL...

7.2CVSS6.1AI score0.02277EPSS
Exploits1References2
cvelist
cvelist
added 3 days ago34 views

CVE-2026-15749 mastergo-design mastergo-magic-mcp mcp__C2d get-c2d.ts execute path traversal

A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcpC2d. Performing a manipulation of the argument filePath results in path traversal. The attack requires a local...

5.3CVSS0.0014EPSS
Exploits0References6
ossf
ossf
added 2026/07/09 3:41 p.m.8 views

Malicious code in ts-eslint-jest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e1ffed26d2d64bf9076210504de22b87e27a065821dedbc708fb05f7c47db74 The package [email protected] presents as a TypeScript/ESLint/Jest helper but ships lib/collect.js, which imports childprocess and invokes...

6.1AI score
Exploits0References2
ossf
ossf
added 2026/07/08 3:4 p.m.9 views

Malicious code in @vite-ln/build-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8972bbfdd55ad200dd49b08501d7391beca99841f0c36479806f2b1e329950a2 Package @vite-ln/build-ts copies the legitimate vite package's manifest verbatim description 'Native-ESM powered web dev build tool', author 'Evan...

6.1AI score
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.6 views

PT-2026-56618

Name of the Vulnerable Software and Affected Versions davenardella snap7 versions prior to 1.4.4 Description A flaw in the ReadVar Request Handler component allows for deserialization. The issue resides in the TS7Worker::PerformFunctionRead function within the src/core/s7 server.cpp file...

6.3CVSS6.6AI score0.00285EPSS
Exploits0References9
nvd
nvd
added 2026/07/07 3:16 p.m.7 views

CVE-2026-12948

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS0.00269EPSS
Exploits0References1
cve
cve
added 2026/07/07 2:32 p.m.14 views

CVE-2026-12948

The CVE-2026-12948 vulnerability affects the web management interfaces of Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA. It is a stored XSS (CWE-79) that permits a remote, authenticated administrator to inject script into certain system configuration fields; the script can exec...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/07 2:32 p.m.35 views

CVE-2026-12948 Stored Cross-Site Scripting (XSS)

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS0.00269EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/07/07 2:32 p.m.9 views

CVE-2026-12948 Stored Cross-Site Scripting (XSS)

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/07 2:32 p.m.8 views

CVE-2026-12948

A stored cross-site scripting XSS vulnerability in the web management interface of the Digi PortServer TS, Digi One SP, Digi One SP IA, and Digi One IA allows a remote, authenticated administrator to inject script into certain system configuration fields. The script subsequently executes in the...

4.8CVSS5.8AI score0.00269EPSS
Exploits0References2
osv
osv
added 2026/07/06 6:59 p.m.5 views

MAL-2026-6896 Malicious code in ts-eslinter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56fe794783cf855aba4980f7186b85866fd3048cbb97803fe8c575192cb30d44 Package name resembles common ESLint/TypeScript tooling and the main entry index.js contains base64 decoding via Buffer.from...,...

6.2AI score
Exploits0References2
osv
osv
added 2026/07/06 6:59 p.m.4 views

MAL-2026-6895 Malicious code in ts-bigtn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fe9cda51a9c873f69575fec5aada84c81b0b7e907d060f28d6c6e95dc381911 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
ossf
ossf
added 2026/07/06 6:59 p.m.7 views

Malicious code in ts-bigtn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3fe9cda51a9c873f69575fec5aada84c81b0b7e907d060f28d6c6e95dc381911 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
ossf
ossf
added 2026/07/06 6:50 p.m.11 views

Malicious code in big256-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 18f547bc04e09d0a4a99ac1e49992abd3dc35c02ad1bd963e8d0d07fd0e11464 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
osv
osv
added 2026/07/06 6:50 p.m.6 views

MAL-2026-6803 Malicious code in big256-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 18f547bc04e09d0a4a99ac1e49992abd3dc35c02ad1bd963e8d0d07fd0e11464 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
ossf
ossf
added 2026/07/03 4:6 p.m.9 views

Malicious code in ts-node-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 938793019b03ce033ae241aa80d0515a4d42d2580298f1d0fcf8627176e9b160 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
osv
osv
added 2026/07/03 4:6 p.m.8 views

MAL-2026-6745 Malicious code in ts-node-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 938793019b03ce033ae241aa80d0515a4d42d2580298f1d0fcf8627176e9b160 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
osv
osv
added 2026/06/30 2:10 p.m.9 views

MAL-2026-6677 Malicious code in ts-lint-builders-v2.1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fc4c23edadea0930347028a24b67219dad6d3cbc4ec0fe1f93e8954425107ad On npm install, the package's postinstall hook node test.js executes a multi-stage attack against the installer. 1 It recursively scans the current...

5.8AI score
Exploits0References2
ossf
ossf
added 2026/06/30 2:10 p.m.9 views

Malicious code in ts-linting-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c719aef78218f6b59b9f209c41eff610782c86c2ced5aeabe288218ac3c4f880 On npm install, the package's postinstall script test.js invokes routines in index.js that recursively scan the current working directory and the...

6AI score
Exploits0References2
osv
osv
added 2026/06/30 2:10 p.m.6 views

MAL-2026-6678 Malicious code in ts-linting-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c719aef78218f6b59b9f209c41eff610782c86c2ced5aeabe288218ac3c4f880 On npm install, the package's postinstall script test.js invokes routines in index.js that recursively scan the current working directory and the...

6AI score
Exploits0References2
Rows per page
Query Builder