Lucene search
+L

533 matches found

osv
osv
added 2026/07/06 7:0 p.m.6 views

MAL-2026-6905 Malicious code in winston-prism (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06134c2a9c642914c91312e4d0184158fda282ec1bb3715fc143e7834993e266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
ossf
ossf
added 2026/07/06 7:0 p.m.11 views

Malicious code in winston-prism (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06134c2a9c642914c91312e4d0184158fda282ec1bb3715fc143e7834993e266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.18 views

PT-2026-42562

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Unauthenticated users can access page metadata on any page that has a configured summary template. This allows for the disclosure of private, draft, and restricted pages, leaking information suc...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References4
osv
osv
added 2026/04/16 10:23 a.m.9 views

MAL-2026-2805 Malicious code in winston-prisma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bc2a581514f0a9f03ad807946bb8aa90ed013936e91ed2a413ced0966986921 The package winston-prisma was found to contain malicious code...

5.7AI score
Exploits0
ossf
ossf
added 2026/04/16 10:23 a.m.11 views

Malicious code in winston-prisma (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bc2a581514f0a9f03ad807946bb8aa90ed013936e91ed2a413ced0966986921 The package winston-prisma was found to contain malicious code...

5.7AI score
Exploits0
redhatcve
redhatcve
added 2026/03/08 1:44 a.m.6 views

CVE-2026-1981

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References1
nvd
nvd
added 2026/03/07 12:16 a.m.9 views

CVE-2026-1981

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

4.3CVSS0.00283EPSS
Exploits0References6
patchstack
patchstack
added 2026/03/07 12:10 a.m.9 views

WordPress Winston AI plugin <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin HUMN-1 AI Website Scanner & Human Certification by Winston AI versions = 0.0.3...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2026/03/07 12:0 a.m.8 views

WordPress plugin HUMN-1 AI Website Scanner & Human Certification by Winston AI 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References7
cve
cve
added 2026/03/06 11:22 p.m.15 views

CVE-2026-1981

The Winston AI WordPress plugin (HUMN-1 AI Website Scanner & Human Certification)

4.3CVSS5.8AI score0.00283EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/03/06 11:22 p.m.5 views

CVE-2026-1981

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References7
vulnrichment
vulnrichment
added 2026/03/06 11:22 p.m.8 views

CVE-2026-1981 Winston AI <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/03/06 12:0 a.m.5 views

PT-2026-23761

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winston disconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2025/11/30 12:0 a.m.14 views

PT-2025-48396

A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header menu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can le...

5.3CVSS5.2AI score0.0027EPSS
Exploits0References5
euvd
euvd
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-178073

Malicious code in lint-markdownlint-sedimentology-winston npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-175578

Malicious code in websockets-winston-neptune-ablation npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-175542

Malicious code in winston-kinetic-zenith-corvus npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/13 3:23 a.m.6 views

EUVD-2025-176092

Malicious code in supervisor-winston-superagent-exosphere npm...

6.6AI score
Exploits0
ossf
ossf
added 2025/11/13 3:23 a.m.5 views

Malicious code in winston-lint-staged-ganymede-parcel (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 964fa62b6be534e55034d3bb600bcaab53ab3dfd3be346bd6d3534cd63246be6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
osv
osv
added 2025/11/13 3:23 a.m.4 views

MAL-2025-188015 Malicious code in meteor-cache-fomalhaut-winston (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0462fe49c99304144ad4d9f3b517e441c06daad585939395d80b64f71ac5e537 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder