
46571 matches found

Patchstack
added 2026/06/16 2:20 p.m. | 6 views

WordPress WP Activity Log plugin <= 5.6.3.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin WP Activity Log versions <= 5.6.3.1...

CVSS: 9.8 | AI score: 5.4 | EPSS: 0.00588
Exploits: 1 | Affected Software: 1
Patchstack
added 2026/06/16 2:15 p.m. | 4 views

NPM: hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard

NPM: hono: CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00248
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/16 2:11 p.m. | 6 views

WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by ParkHyunWoo in WordPress Plugin Falang multilanguage versions <= 1.4.2...

CVSS: 8.8 | AI score: 5.2 | EPSS: 0.00389
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/16 2:9 p.m. | 5 views

NPM: hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)

NPM: hono: Path traversal in serve-static on Windows via encoded backslash %5C vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00292
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/16 2:8 p.m. | 5 views

NPM: hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

NPM: hono: AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice vulnerability discovered by ? in WordPress Npm hono versions 4.12.25...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00186
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/16 2:5 p.m. | 4 views

NPM: Astro: Reflected XSS via unescaped slot name

NPM: Astro: Reflected XSS via unescaped slot name vulnerability discovered by ? in WordPress Npm astro versions 6.3.3...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00177
Exploits: 1 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/16 1:49 p.m. | 5 views

NPM: Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL

NPM: Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL vulnerability discovered by ? in WordPress Npm nuxt versions 3.21.7...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00198
Exploits: 0 | References: 5 | Affected Software: 1
Patchstack
added 2026/06/16 1:49 p.m. | 4 views

NPM: Nuxt dev server vite-node IPC socket is world-connectable on Linux

NPM: Nuxt dev server vite-node IPC socket is world-connectable on Linux vulnerability discovered by ? in WordPress Npm nuxt versions = 3.18.0, 3.21.7...

AI score: 5.8
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack
added 2026/06/16 1:48 p.m. | 4 views

NPM: Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher

NPM: Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher vulnerability discovered by ? in WordPress Npm nuxt versions = 3.11.0, 3.21.7...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00294
Exploits: 0 | References: 5 | Affected Software: 1
Patchstack
added 2026/06/16 1:47 p.m. | 12 views

NPM: Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

NPM: Nuxt: URL-handling weaknesses in navigateTo and reloadNuxtApp: SSR open redirect, client-side script execution via the open option, and protocol-relative bypass in reloadNuxtApp vulnerability discovered by ? in WordPress Npm nuxt versions 3.21.7...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00205
Exploits: 0 | References: 10 | Affected Software: 1
Patchstack
added 2026/06/16 1:38 p.m. | 7 views

WordPress Melhor Envio plugin <= 2.16.3 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by HieuPenguinnn in WordPress Plugin Melhor Envio versions <= 2.16.3...

CVSS: 7.6 | AI score: 5.2 | EPSS: 0.00282
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/16 1:26 p.m. | 5 views

WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by Jakub Herman in WordPress Plugin SMS Alert Order Notifications versions <= 3.9.3...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00381
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/16 1:24 p.m. | 6 views

WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Peng Zhou in WordPress Plugin SMS Alert Order Notifications versions <= 3.9.4...

CVSS: 9.8 | AI score: 5.2 | EPSS: 0.0045
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/16 1:19 p.m. | 6 views

WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin Fusion Builder versions <= 3.15.4...

CVSS: 7.7 | AI score: 5.2 | EPSS: 0.00337
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/16 1:12 p.m. | 7 views

WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References (IDOR) vulnerability discovered by Jakub Herman in WordPress Plugin Clean Login versions <= 1.15...

CVSS: 8.2 | AI score: 5.2 | EPSS: 0.00261
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/16 1:5 p.m. | 7 views

WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by VanTastic in WordPress Plugin JetEngine versions <= 3.8.10...

CVSS: 7.1 | AI score: 5.1 | EPSS: 0.00146
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/16 1:3 p.m. | 6 views

WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Baikuya in WordPress Plugin JetFormBuilder versions <= 3.6.1...

CVSS: 6.8 | AI score: 5.2 | EPSS: 0.00211
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/16 1:1 p.m. | 5 views

WordPress JetEngine plugin <= 3.8.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by VanTastic in WordPress Plugin JetEngine versions <= 3.8.10...

CVSS: 7.1 | AI score: 5.1 | EPSS: 0.00146
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/16 12:58 p.m. | 5 views

WordPress JobSearch plugin <= 3.2.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin JobSearch versions <= 3.2.9...

CVSS: 9.3 | AI score: 5.8 | EPSS: 0.00297
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/16 12:50 p.m. | 6 views

WordPress Cornerstone plugin < 7.8.8 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Cornerstone versions < 7.8.8...

CVSS: 8.5 | AI score: 5.8 | EPSS: 0.00342
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/16 12:42 p.m. | 6 views

WordPress JetFormBuilder plugin <= 3.6.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by daroo in WordPress Plugin JetFormBuilder versions <= 3.6.0.1...

CVSS: 7.1 | AI score: 5.1 | EPSS: 0.00146
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/16 12:37 p.m. | 5 views

WordPress Popup box plugin <= 6.2.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Popup box versions <= 6.2.9...

CVSS: 7.1 | AI score: 5.1 | EPSS: 0.00192
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/06/16 9:2 a.m. | 6 views

WordPress WooCommerce Stripe Payment Gateway plugin <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation vulnerability

Missing Authorization to Unauthenticated Order Status Manipulation vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WooCommerce Stripe Payment Gateway versions <= 10.7.0...

CVSS: 6.5 | AI score: 5.2 | EPSS: 0.00267
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/16 9:2 a.m. | 5 views

WordPress Secure Client Portal and Private File Sharing Plugin – User Private Files plugin <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability discovered by pham quang huy Zibanana in WordPress Plugin User Private Files versions <= 2.1.6...

CVSS: 6.4 | AI score: 5.2 | EPSS: 0.00235
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/16 8:34 a.m. | 5 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated (Subscriber+) SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions <= 12.6.8...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00259
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/16 8:32 a.m. | 8 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated (Subscriber+) SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions <= 12.6.8...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00253
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/16 8:27 a.m. | 5 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated (Subscriber+) Arbitrary File Deletion vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions <= 12.6.8...

CVSS: 8.1 | AI score: 5.2 | EPSS: 0.00516
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/16 8:2 a.m. | 10 views

WordPress Premmerce Dev Tools plugin <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability

Missing Authorization to Authenticated (Subscriber+) Remote Code Execution vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Premmerce Dev Tools versions <= 2.0...

CVSS: 8.8 | AI score: 5.5 | EPSS: 0.00607
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/16 12:0 a.m. | 6 views

WordPress Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection vulnerability

Authenticated (Administrator+) PHP Object Injection vulnerability discovered by Duc Long in WordPress Plugin Counter Box versions <= 2.0.13...

CVSS: 6.6 | AI score: 5.4 | EPSS: 0.00535
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2026/06/15 9:30 p.m. | 3 views

NPM: Remotion: arbitrary file write vulnerability

NPM: Remotion: arbitrary file write vulnerability discovered by ? in WordPress Npm remotion versions 4.0.410...

CVSS: 9.1 | AI score: 6 | EPSS: 0.00324
Exploits: 1 | References: 5 | Affected Software: 1
Patchstack
added 2026/06/15 9:30 p.m. | 5 views

NPM: Remotion: remote code execution (RCE) vulnerability

NPM: Remotion: remote code execution (RCE) vulnerability discovered by ? in WordPress Npm remotion versions 4.0.410...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.0081
Exploits: 1 | References: 5 | Affected Software: 1
Patchstack
added 2026/06/15 8:56 p.m. | 16 views

NPM: Nuxt: Dev server discloses project absolute path and persistent workspace UUID via `/.well-known/appspecific/com.chrome.devtools.json`

NPM: Nuxt: Dev server discloses project absolute path and persistent workspace UUID via /.well-known/appspecific/com.chrome.devtools.json vulnerability discovered by ? in WordPress Npm nuxt versions = 4.0.0-alpha.1, 4.4.7...

AI score: 5.8
Exploits: 0 | References: 4 | Affected Software: 1
Patchstack
added 2026/06/15 8:47 p.m. | 3 views

NPM: aws-cdk-lib: OS Command Injection in NodejsFunction Bundling

NPM: aws-cdk-lib: OS Command Injection in NodejsFunction Bundling vulnerability discovered by ? in WordPress Npm aws-cdk-lib versions 2.246.0...

CVSS: 7.3 | AI score: 5.9 | EPSS: 0.00936
Exploits: 1 | References: 7 | Affected Software: 1
Patchstack
added 2026/06/15 8:41 p.m. | 3 views

NPM: markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations

NPM: markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations vulnerability discovered by ? in WordPress Npm markdown-it versions = 14.1.1...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00306
Exploits: 1 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 8:20 p.m. | 5 views

NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow

NPM: Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow vulnerability discovered by ? in WordPress Npm electron versions = 42.3.1, 42.3.3...

CVSS: 9.3 | AI score: 6 | EPSS: 0.00253
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 8:15 p.m. | 6 views

NPM: UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

NPM: UAParser.js: Unbounded Sec-CH-UA-Model parsing can trigger ReDoS in withClientHints vulnerability discovered by ? in WordPress Npm ua-parser-js versions = 2.0.1, 2.0.10...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 8:13 p.m. | 4 views

NPM: protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

NPM: protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names vulnerability discovered by ? in WordPress Npm protobufjs-cli versions = 1.3.1...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00228
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 8:13 p.m. | 4 views

NPM: protobufjs: Memory amplification from preserved unknown fields in binary decode

NPM: protobufjs: Memory amplification from preserved unknown fields in binary decode vulnerability discovered by ? in WordPress Npm protobufjs versions = 8.2.0, = 8.4.2...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00293
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 8:12 p.m. | 7 views

NPM: DOMPurify: Trusted Types policy survives `clearConfig()` and can poison later `RETURN_TRUSTED_TYPE` output

NPM: DOMPurify: Trusted Types policy survives `clearConfig()` and can poison later `RETURN_TRUSTED_TYPE` output vulnerability discovered by ? in WordPress Npm dompurify versions 3.4.9...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 8:6 p.m. | 4 views

NPM: React Router: Potential CSRF via PUT/PATCH/DELETE document requests

NPM: React Router: Potential CSRF via PUT/PATCH/DELETE document requests vulnerability discovered by ? in WordPress Npm react-router versions = 7.12.0, 7.15.1...

CVSS: 3.1 | AI score: 5.8 | EPSS: 0.00106
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 8:5 p.m. | 4 views

NPM: Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

NPM: Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE vulnerability discovered by ? in WordPress Npm vite-plus versions = 0.1.23...

AI score: 5.8 | EPSS: 0.00089
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 8:2 p.m. | 7 views

NPM: DOMPurify: SAFE_FOR_TEMPLATES bypass - template expressions survive sanitization inside <template> content when using DOM output modes

NPM: DOMPurify: SAFE_FOR_TEMPLATES bypass - template expressions survive sanitization inside <template> content when using DOM output modes vulnerability discovered by ? in WordPress Npm dompurify versions = 3.0.0, = 3.4.7...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 8:1 p.m. | 3 views

NPM: DOMPurify IN_PLACE Sanitization Bypass via Attached Shadow Root Inside <template>.content

NPM: DOMPurify IN_PLACE Sanitization Bypass via Attached Shadow Root Inside <template>.content vulnerability discovered by ? in WordPress Npm dompurify versions = 3.4.6...

AI score: 5.8 | EPSS: 0.00038
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 8:0 p.m. | 13 views

NPM: DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects

NPM: DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects vulnerability discovered by ? in WordPress Npm dompurify versions = 3.4.6...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 7:59 p.m. | 18 views

NPM: DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

NPM: DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR` vulnerability discovered by ? in WordPress Npm dompurify versions 3.4.7...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 7:56 p.m. | 3 views

NPM: DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks

NPM: DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks vulnerability discovered by ? in WordPress Npm dompurify versions = 3.4.5...

AI score: 5.8 | EPSS: 0.00055
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 7:53 p.m. | 3 views

NPM: DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM

NPM: DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM vulnerability discovered by ? in WordPress Npm dompurify versions = 3.4.5...

AI score: 5.8 | EPSS: 0.00042
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 5:36 p.m. | 14 views

NPM: Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

NPM: Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection vulnerability discovered by ? in WordPress Npm nodemailer versions = 8.0.8...

AI score: 6
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 5:35 p.m. | 6 views

NPM: Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

NPM: Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization vulnerability discovered by ? in WordPress Npm nodemailer versions = 8.0.8...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2026/06/15 5:34 p.m. | 14 views

NPM: Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

NPM: Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception vulnerability discovered by ? in WordPress Npm nodemailer versions = 8.0.7...

AI score: 5.8
Exploits: 0 | References: 2 | Affected Software: 1

Total number of security vulnerabilities: 46571