46578 matches found

Patchstack
added 2026/06/15 8:0 p.m., 14 views

NPM: DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects

NPM: DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects vulnerability discovered by ? in WordPress Npm dompurify versions = 3.4.6...

5.8 AI score
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 7:59 p.m., 19 views

NPM: DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

NPM: DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR` vulnerability discovered by ? in WordPress Npm dompurify versions 3.4.7...

5.8 AI score
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 7:56 p.m., 4 views

NPM: DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks

NPM: DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks vulnerability discovered by ? in WordPress Npm dompurify versions = 3.4.5...

5.8 AI score, 0.00055 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 7:53 p.m., 4 views

NPM: DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM

NPM: DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM vulnerability discovered by ? in WordPress Npm dompurify versions = 3.4.5...

5.8 AI score, 0.00042 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 5:36 p.m., 15 views

NPM: Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

NPM: Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection vulnerability discovered by ? in WordPress Npm nodemailer versions = 8.0.8...

6 AI score
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 5:35 p.m., 7 views

NPM: Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

NPM: Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization vulnerability discovered by ? in WordPress Npm nodemailer versions = 8.0.8...

5.8 AI score
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 5:34 p.m., 15 views

NPM: Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

NPM: Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception vulnerability discovered by ? in WordPress Npm nodemailer versions = 8.0.7...

5.8 AI score
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 5:30 p.m., 4 views

NPM: protobufjs: Denial of service through unbounded Any expansion during JSON conversion

NPM: protobufjs: Denial of service through unbounded Any expansion during JSON conversion vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.6.0...

7.5 CVSS, 5.8 AI score, 0.00324 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 5:27 p.m., 4 views

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.6.2...

5.3 CVSS, 5.8 AI score, 0.00238 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 5:27 p.m., 8 views

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties vulnerability discovered by ? in WordPress Npm protobufjs-cli versions = 1.3.2...

5.3 CVSS, 5.8 AI score, 0.00238 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 5:26 p.m., 3 views

NPM: form-data: CRLF injection in form-data via unescaped multipart field names and filenames

NPM: form-data: CRLF injection in form-data via unescaped multipart field names and filenames vulnerability discovered by ? in WordPress Npm form-data versions 2.5.6...

8.7 CVSS, 5.8 AI score, 0.00409 EPSS
Exploits: 0, References: 8, Affected Software: 1
Patchstack
added 2026/06/15 5:19 p.m., 4 views

NPM: node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

NPM: node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling) vulnerability discovered by ? in WordPress Npm tar versions = 7.5.15...

6.9 CVSS, 5.8 AI score, 0.00107 EPSS
Exploits: 1, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 5:18 p.m., 4 views

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm vite-plus versions = 0.1.23...

5.5 CVSS, 5.8 AI score, 0.00322 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 5:18 p.m., 7 views

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm launch-editor versions = 2.14.0...

5.5 CVSS, 5.8 AI score, 0.00322 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 5:18 p.m., 4 views

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows

NPM: launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows vulnerability discovered by ? in WordPress Npm vite versions = 6.4.2...

5.5 CVSS, 5.8 AI score, 0.00322 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 5:17 p.m., 5 views

NPM: vite: `server.fs.deny` bypass on Windows alternate paths

NPM: vite: server.fs.deny bypass on Windows alternate paths vulnerability discovered by ? in WordPress Npm vite versions = 6.4.2...

8.2 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 1, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 5:17 p.m., 4 views

NPM: vite: `server.fs.deny` bypass on Windows alternate paths

NPM: vite: server.fs.deny bypass on Windows alternate paths vulnerability discovered by ? in WordPress Npm vite-plus versions = 0.1.23...

8.2 CVSS, 5.8 AI score, 0.00393 EPSS
Exploits: 1, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 5:15 p.m., 6 views

WordPress RTMKit plugin <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access vulnerability

Authenticated Contributor+ Missing Authorization to Arbitrary Form Submission Access vulnerability discovered by wesley wcraft in WordPress Plugin RTMKit versions = 2.0.7...

6.5 CVSS, 5.3 AI score, 0.00238 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/06/15 5:15 p.m., 5 views

NPM: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

NPM: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases vulnerability discovered by ? in WordPress Npm js-yaml versions = 4.1.1...

5.3 CVSS, 5.8 AI score, 0.00259 EPSS
Exploits: 1, References: 2, Affected Software: 1
Patchstack
added 2026/06/15 4:36 p.m., 4 views

NPM: tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template

NPM: tmp: Type-confusion bypass of _assertPath allows path traversal via non-string prefix/postfix/template vulnerability discovered by ? in WordPress Npm tmp versions = 0.2.6, 0.2.7...

8.2 CVSS, 5.8 AI score, 0.00496 EPSS
Exploits: 1, References: 3, Affected Software: 1
Patchstack
added 2026/06/15 4:34 p.m., 3 views

NPM: ws: Memory exhaustion DoS from tiny fragments and data chunks

NPM: ws: Memory exhaustion DoS from tiny fragments and data chunks vulnerability discovered by ? in WordPress Npm ws versions = 1.1.0, 5.2.5...

7.5 CVSS, 5.8 AI score, 0.00725 EPSS
Exploits: 1, References: 6, Affected Software: 1
Patchstack
added 2026/06/15 4:26 p.m., 6 views

WordPress Static Block plugin <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Sensitive Information Disclosure vulnerability discovered by dyingman in WordPress Plugin Static Block versions = 2.2...

4.3 CVSS, 5.3 AI score, 0.00211 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/06/15 4:26 p.m., 6 views

WordPress Abandoned Contact Form 7 plugin <= 2.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by g0wthr in WordPress Plugin Abandoned Contact Form 7 versions = 2.5...

5.3 CVSS, 5.2 AI score, 0.00228 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/06/15 2:43 p.m., 5 views

WordPress Video Conferencing with Zoom plugin <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure vulnerability

Missing Authorization to Unauthenticated Zoom SDK Credential Exposure vulnerability discovered by aetta in WordPress Plugin Video Conferencing with Zoom versions = 4.6.7...

5.3 CVSS, 5.3 AI score, 0.00323 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/06/15 2:30 p.m., 7 views

WordPress Pods plugin <= 3.3.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Pods versions = 3.3.8...

7.1 CVSS, 5.1 AI score, 0.00146 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 2:16 p.m., 5 views

WordPress Media Library Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Plugin Media Library Assistant versions = 3.35...

7.1 CVSS, 5.1 AI score, 0.00146 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 2:5 p.m., 5 views

WordPress JetEngine plugin <= 3.8.10.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by VanTastic in WordPress Plugin JetEngine versions = 3.8.10.1...

9.3 CVSS, 5.8 AI score, 0.00291 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 1:58 p.m., 7 views

WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tiago Ventura @perses in WordPress Plugin Envira Photo Gallery versions = 1.12.5...

6.5 CVSS, 5.2 AI score, 0.00196 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 1:55 p.m., 7 views

WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by hhhai in WordPress Plugin GetGenie versions = 4.4.1...

6.5 CVSS, 5.2 AI score, 0.00207 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 1:52 p.m., 6 views

WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability

SQL Injection vulnerability discovered by alvarodh5 in WordPress Plugin GEO my WordPress versions = 4.5.5...

9.3 CVSS, 5.8 AI score, 0.0025 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 1:47 p.m., 6 views

WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SEO Plugin by Squirrly SEO versions = 12.4.16...

5.9 CVSS, 5.2 AI score, 0.00176 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 1:45 p.m., 6 views

WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WooCommerce POS versions = 1.8.14...

7.5 CVSS, 5.2 AI score, 0.00232 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 1:42 p.m., 5 views

WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Attendance Manager versions = 0.6.2...

7.6 CVSS, 5.8 AI score, 0.00235 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 12:50 p.m., 7 views

WordPress Elite Elementor Addons and Widgets plugin <= 1.2.2 - Other vulnerability Type vulnerability

Other vulnerability Type vulnerability discovered by mcdruid in WordPress Plugin Elite Elementor Addons and Widgets versions = 1.2.2...

8.2 CVSS, 5.2 AI score, 0.00229 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 12:49 p.m., 6 views

WordPress WP Event Solution plugin <= 4.1.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by l3m3s in WordPress Plugin WP Event Solution versions = 4.1.12...

7.5 CVSS, 5.2 AI score, 0.00232 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 12:44 p.m., 5 views

WordPress Arabesque theme <= 1.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Arabesque versions = 1.6...

9.8 CVSS, 7.7 AI score, 0.00409 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 12:43 p.m., 5 views

WordPress ShiftUp theme <= 1.2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme ShiftUp versions = 1.2.1...

8.1 CVSS, 5.2 AI score, 0.00327 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 12:34 p.m., 6 views

WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Theme Avada versions = 3.15.3...

8.8 CVSS, 5.4 AI score, 0.00482 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 12:30 p.m., 6 views

WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Fusion Builder versions = 3.15.4...

9.8 CVSS, 5.4 AI score, 0.00386 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 10:7 a.m., 6 views

WordPress WorkScout-Core plugin <= 1.7.11 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WorkScout-Core versions = 1.7.11...

6.5 CVSS, 5.3 AI score, 0.00351 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 9:55 a.m., 4 views

WordPress Potisen theme <= 1.2.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Potisen versions = 1.2.7...

8.1 CVSS, 5.2 AI score, 0.00404 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 9:53 a.m., 5 views

WordPress WebOn theme <= 1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme WebOn versions = 1.4...

8.1 CVSS, 5.2 AI score, 0.00327 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 9:42 a.m., 5 views

WordPress SigmaForms Pro – AI Generated Forms plugin <= 1.4.5 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SigmaForms Pro – AI Generated Forms versions = 1.4.5...

9 CVSS, 5.3 AI score, 0.00294 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 9:39 a.m., 4 views

WordPress WooCommerce PDF Invoice Builder plugin <= 2.0.8 - Remote Code Execution (RCE) vulnerability

Remote Code Execution RCE vulnerability discovered by she11f in WordPress Plugin WooCommerce PDF Invoice Builder versions = 2.0.8...

10 CVSS, 5.5 AI score, 0.00314 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/15 9:35 a.m., 9 views

WordPress Online Scheduling and Appointment Booking System – Bookly plugin <= 27.2 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin Bookly versions = 27.2...

7.2 CVSS, 5.2 AI score, 0.00312 EPSS
Exploits: 1, References: 1, Affected Software: 1
Patchstack
added 2026/06/15 9:30 a.m., 8 views

WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.31 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites versions = 2.31...

7.2 CVSS, 5.2 AI score, 0.00316 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/06/15 8:45 a.m., 10 views

WordPress Customer Support Ticket System & Helpdesk plugin <= 6.0.4 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by she11f in WordPress Plugin WP Ticket Customer Service Software & Support Ticket System versions = 6.0.4...

7.5 CVSS, 5.7 AI score, 0.0051 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/06/12 9:0 p.m., 4 views

NPM: Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization

NPM: Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization vulnerability discovered by ? in WordPress Npm fabric versions 7.4.0...

5.4 CVSS, 5.8 AI score, 0.00194 EPSS
Exploits: 1, References: 3, Affected Software: 1
Patchstack
added 2026/06/12 8:44 p.m., 7 views

WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by theviper17 in WordPress Plugin Hash Elements versions = 1.5.4...

4.3 CVSS, 5.3 AI score, 0.00175 EPSS
Exploits: 0, Affected Software: 1
Patchstack
added 2026/06/12 8:8 p.m., 11 views

NPM: Withdrawn Advisory: esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY

NPM: Withdrawn Advisory: esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY vulnerability discovered by ? in WordPress Npm esbuild versions = 0.17.0, 0.28.1...

6.5 AI score
Exploits: 0, References: 3, Affected Software: 1
Total number of security vulnerabilities: 46578