Lucene search
+L

1787 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/12 12:0 a.m.11 views

CVE-2026-31243

The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a CREATE...

6AI score0.00374EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/11 7:7 p.m.9 views

WordPress SP Blog Designer plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin SP Blog Designer versions = 1.0.0...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/05/11 7:2 p.m.10 views

WordPress Quick Table plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by MAJidox in WordPress Plugin Quick Table versions = 1.0.0...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/10 10:36 a.m.9 views

Malicious code in noon-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e2a4c1ac3896b7769b47ab6659bf7b0d49f229963c910d0c9b9be11c5291c12 The package noon-contracts was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/08 3:20 a.m.42 views

CVE-2026-42264 Axios: Prototype pollution read-side gadgets in HTTP adapter allow credential injection and request hijacking

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser in the HTTP adapter are read via direct property access without hasOwnProperty guards, making th...

7.4CVSS0.00715EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-38966

Name of the Vulnerable Software and Affected Versions ai-scanner versions 1.0.0 through 1.4.0 Description Remote code execution is possible via JavaScript injection in the BrowserAutomation::PlaywrightService function. This software is an AI model safety scanner built on NVIDIA garak...

9.9CVSS6.2AI score0.00587EPSS
Exploits1References10
Patchstack
Patchstack
added 2026/05/07 6:30 p.m.10 views

NPM: query-parser-string is vulnerable to Prototype Pollution

NPM: query-parser-string is vulnerable to Prototype Pollution vulnerability discovered by ? in WordPress Npm query-string-parser versions 1.0.0...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/07 6:30 p.m.12 views

EUVD-2025-209730

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

5.8AI score0.00476EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/07 8:1 a.m.11 views

Malicious code in @b2bneo-rest/api-csf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea4a9f32d6857ac3e548ca117915efd6694039bbc344390f1758f12291776817 The package @b2bneo-rest/api-csf was found to contain malicious code. Source: ossf-package-analysis...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Query String Parser 安全漏洞

Query String Parser is a JavaScript tool for parsing query strings developed by Victor Teo. Version 1.0.0 of Query String Parser has a security vulnerability. This vulnerability arises from improper cleaning of query parameters provided by users and their merging into newly created objects, which...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References2
CNVD
CNVD
added 2026/05/07 12:0 a.m.12 views

XATABoost CMS SQL Injection Vulnerability

XATABoost CMS is a content management system from XATABoost that provides website content publishing and management functions. A SQL injection vulnerability exists in XATABoost CMS version 1.0.0. The vulnerability stems from the application's lack of validation of externally entered SQL statement...

8.8CVSS5.9AI score0.00323EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/07 12:0 a.m.8 views

CVE-2025-63704

NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...

5.8AI score0.00476EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 3:16 a.m.9 views

CVE-2026-5505

The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's clippy shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00188EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

WordPress plugin WP-Clippy 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.14 views

PT-2026-36758

Name of the Vulnerable Software and Affected Versions pixelsock directus-mcp version 1.0.0 Description A flaw in the MCP Interface component allows for server-side request forgery SSRF, a condition where an attacker can induce the server to make requests to an unintended location. This occurs...

6.5CVSS6.5AI score0.00214EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.11 views

MCP MetaTrader 4 Server 路径遍历漏洞

MCP MetaTrader 4 Server is a cross-platform trading integration tool developed by 8nite, a personal developer. Version 1.0.0 of MCP MetaTrader 4 Server contains a path traversal vulnerability. This vulnerability stems from the operation of the CallToolRequestSchema function in the src/index.ts...

6.5CVSS6.6AI score0.00344EPSS
Exploits0References2
NVD
NVD
added 2026/05/01 3:16 p.m.5 views

CVE-2026-43507

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections...

7.5CVSS0.00348EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/01 3:16 p.m.7 views

CVE-2026-43506

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/01 3:16 p.m.6 views

CVE-2026-43504

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in a paused scenario, relaying of unauthenticated traffic can occur...

6.5CVSS5.8AI score0.00256EPSS
Exploits0References3
OSV
OSV
added 2026/05/01 3:16 p.m.5 views

UBUNTU-CVE-2026-43505

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References4
Rows per page
Query Builder