Malicious code in chai-as-persisted (npm)
Source: amazon-inspector 5cf9c49450e0fa0d47be1b6ae27991f844868ff6c435d2082948b5feae862709
The package's postinstall script npm run smoke:pino executes index.js, which spawns a detached node lib/initializeCaller.js child. That module hides...
CVE-2026-13331
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-13333
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'query[select]' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-13333 Groundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' Parameter
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'query[select]' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-13333
CVE-2026-13333 affects the Groundhogg WordPress plugin up to version 4.5.5. The issue is a generic SQL injection in the query[select] path caused by insufficient escaping and inadequate preparation of the SQL query, allowing an authenticated attacker with Sales Representative-level access or high...
EUVD-2026-39930
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'query[select]' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-13331 Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-13331
The affected software is the Groundhogg WordPress plugin (CRM, Newsletters, and Marketing Automation). It is vulnerable to a generic SQL Injection via the 'search' parameter in all versions up to and including 4.5.5, caused by insufficient escaping of the user-supplied value and inadequate prepa...
EUVD-2026-39928
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
GHSA-QRV3-253H-G69C
creationtimestamp | type | source
---|---|---
2026-06-27 00:42:18+00:00 | seen | https://gist.github.com/alon710/ce97a7a2201a10b1242cd90e0ea16a7d...
CVE-2026-47073
creationtimestamp | type | source
---|---|---
2026-06-27 00:35:56+00:00 | published-proof-of-concept | https://github.com/benoitc/hackney/security/advisories/GHSA-q8jg-fgj4-fphf...
CVE-2026-47067
creationtimestamp | type | source
---|---|---
2026-06-27 00:35:54+00:00 | published-proof-of-concept | https://github.com/benoitc/hackney/security/advisories/GHSA-9653-rcfr-5c62...
CVE-2026-49358
creationtimestamp | type | source
---|---|---
2026-06-27 00:35:52+00:00 | published-proof-of-concept | https://github.com/pontedilana/php-weasyprint/security/advisories/GHSA-5g9f-cwwg-4p8g...
CVE-2026-49336
creationtimestamp | type | source
---|---|---
2026-06-27 00:35:44+00:00 | published-proof-of-concept | https://github.com/microsoft/kiota-typescript/security/advisories/GHSA-396q-4vc8-28x9...
CVE-2026-49342
creationtimestamp | type | source
---|---|---
2026-06-27 00:35:42+00:00 | published-proof-of-concept | https://github.com/lsegal/yard/security/advisories/GHSA-pxcc-8665-phx8...
CVE-2026-50029
creationtimestamp | type | source
---|---|---
2026-06-27 00:35:39+00:00 | published-proof-of-concept | https://github.com/sunnyadn/js-toml/security/advisories/GHSA-m34p-749j-x6m6...
CVE-2026-53520
creationtimestamp | type | source
---|---|---
2026-06-27 00:35:27+00:00 | published-proof-of-concept | https://github.com/nezhahq/nezha/security/advisories/GHSA-x6fg-52vr-hj4w...