NPM: parse-server: Stored XSS via non-standard file extension bypassing file upload extension blocklist
NPM: parse-server: Stored XSS via non-standard file extension bypassing file upload extension blocklist vulnerability discovered by ? in WordPress Npm parse-server versions = 8.6.80...
NPM: parse-server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL
NPM: parse-server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL vulnerability discovered by ? in WordPress Npm parse-server versions 8.6.80...
NPM: parse-server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied
NPM: parse-server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied vulnerability discovered by ? in WordPress Npm parse-server versions = 9.8.0, 9.9.1-alpha.5...
NPM: parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist
NPM: parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist vulnerability discovered by ? in WordPress Npm parse-server versions = 8.6.78...
NPM: parse-server: Server option routeAllowList is bypassable through batch sub-requests
NPM: parse-server: Server option routeAllowList is bypassable through batch sub-requests vulnerability discovered by ? in WordPress Npm parse-server versions = 9.8.0, 9.9.1-alpha.3...
NPM: TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)
NPM: TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB) vulnerability discovered by ? in WordPress Npm typeorm versions = 0.1.12, = 0.3.28...
NPM: Agentic-Flow: OS Command Injection in agentic-flow MCP server tools via unsanitized tool-parameter interpolation into execSync
NPM: Agentic-Flow: OS Command Injection in agentic-flow MCP server tools via unsanitized tool-parameter interpolation into execSync vulnerability discovered by ? in WordPress Npm agentic-flow versions = 2.0.13...
NPM: parse-server: Denial of service via exponential-time processing of deeply nested query operators
NPM: parse-server: Denial of service via exponential-time processing of deeply nested query operators vulnerability discovered by ? in WordPress Npm parse-server versions 8.6.82...
NPM: undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching
NPM: undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...
NPM: undici WebSocket client vulnerable to denial of service via fragment count bypass
NPM: undici WebSocket client vulnerable to denial of service via fragment count bypass vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...
NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding
NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...
NPM: undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
NPM: undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse vulnerability discovered by ? in WordPress Npm undici versions = 7.23.0, 7.28.0...
NPM: undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse
NPM: undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...
NPM: Network-AI: Improper Neutralization of Special Elements used in an OS Command
NPM: Network-AI: Improper Neutralization of Special Elements used in an OS Command vulnerability discovered by ? in WordPress Npm network-ai versions 5.9.1...
NPM: Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests
NPM: Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests vulnerability discovered by ? in WordPress Npm network-ai versions = 5.7.1...
WordPress WP Hotel Booking plugin < 2.3.1 - Subscriber+ Missing Authorization in Multiple AJAX Handlers vulnerability
Subscriber+ Missing Authorization in Multiple AJAX Handlers vulnerability discovered by Sanjorn Keeratirungsan in WordPress Plugin WP Hotel Booking versions < 2.3.1...
WordPress WP Go Maps plugin <= 10.1.01 - Unauthenticated Arbitrary Record Creation vulnerability
Unauthenticated Arbitrary Record Creation vulnerability discovered by Thanh Điềm in WordPress Plugin WP Go Maps versions <= 10.1.01...
WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by ParkHyunWoo in WordPress Plugin UPI QR Code Payment Gateway for WooCommerce versions <= 1.6.2...
WordPress Paymob for WooCommerce plugin <= 4.1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Sajjad Haqi in WordPress Plugin Paymob for WooCommerce versions <= 4.1.3...
WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Master Slider versions <= 3.11.2...
WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References (IDOR) vulnerability discovered by dodoh4t in WordPress Plugin License Manager for WooCommerce versions <= 3.0.15...
WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by daroo in WordPress Plugin WP Activity Log versions <= 5.6.3.1...
WordPress CheckView Automated Testing plugin <= 2.1.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by sequenceX0 in WordPress Plugin CheckView Automated Testing versions <= 2.1.0...
WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by l3m3s in WordPress Plugin MapPress Maps for WordPress versions <= 2.97.3...
WordPress Abandoned Cart Pro for WooCommerce plugin <= 10.4.0 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Austin Ginder in WordPress Plugin Abandoned Cart Pro for WooCommerce versions <= 10.4.0...
WordPress Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin <= 2.8.7 - Unauthenticated Server-Side Request Forgery vulnerability
Unauthenticated Server-Side Request Forgery vulnerability discovered by Lucius-log in WordPress Plugin Bit Integrations versions <= 2.8.7...
WordPress BetterDocs Pro plugin <= 3.8.0 - Unauthenticated Local File Inclusion vulnerability
Unauthenticated Local File Inclusion vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin BetterDocs Pro versions <= 3.8.0...
NPM: ts-deepmerge: Prototype Method Override leads to DoS
NPM: ts-deepmerge: Prototype Method Override leads to DoS vulnerability discovered by ? in WordPress Npm ts-deepmerge versions 8.0.0...
NPM: Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints
NPM: Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints vulnerability discovered by ? in WordPress Npm signalk-server versions = 2.27.0...
NPM: gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)
NPM: gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755) vulnerability discovered by ? in WordPress Npm gemini-mcp-tool versions = 1.1.2, 1.1.6...
NPM: OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state
NPM: OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...
NPM: OpenClaw: Empty-scope device re-pairing could confuse caller scope containment
NPM: OpenClaw: Empty-scope device re-pairing could confuse caller scope containment vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...
NPM: OpenClaw: Workspace-derived service PATH could influence trash command selection
NPM: OpenClaw: Workspace-derived service PATH could influence trash command selection vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.2...
NPM: OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots
NPM: OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.2...
NPM: OpenClaw: Discord allowFrom could bind to mutable display names
NPM: OpenClaw: Discord allowFrom could bind to mutable display names vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.6...
NPM: OpenClaw: Focus command could miss controlScope enforcement
NPM: OpenClaw: Focus command could miss controlScope enforcement vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...
NPM: OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install
NPM: OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.29...
NPM: OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
NPM: OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.12...
NPM: OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers
NPM: OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.6...
NPM: OpenClaw: memory-wiki shared search could miss session visibility checks
NPM: OpenClaw: memory-wiki shared search could miss session visibility checks vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.27...
NPM: OpenClaw: Config recovery could restore openclaw.json with broad file permissions
NPM: OpenClaw: Config recovery could restore openclaw.json with broad file permissions vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.23...
NPM: OpenClaw: Zalo allowFrom could bind to mutable display names
NPM: OpenClaw: Zalo allowFrom could bind to mutable display names vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.2...
NPM: OpenClaw: Skill-command dispatch could skip before-tool-call hooks
NPM: OpenClaw: Skill-command dispatch could skip before-tool-call hooks vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.5...
NPM: OpenClaw: Active Memory write scope could mutate global config
NPM: OpenClaw: Active Memory write scope could mutate global config vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.5...
NPM: OpenClaw: Exported session HTML could keep unsafe markdown links
NPM: OpenClaw: Exported session HTML could keep unsafe markdown links vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.7...
NPM: OpenClaw: Slack reaction events could ignore reaction notification settings
NPM: OpenClaw: Slack reaction events could ignore reaction notification settings vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.7...
NPM: OpenClaw: Bootstrap token replay could widen pending pairing scopes
NPM: OpenClaw: Bootstrap token replay could widen pending pairing scopes vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.10-beta.2...
NPM: OpenClaw: Shell positional parameters could weaken strict inline-eval checks
NPM: OpenClaw: Shell positional parameters could weaken strict inline-eval checks vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.2...
NPM: OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently
NPM: OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.22...
NPM: OpenClaw: Exec allowlist could miss side effects from transparent command wrappers
NPM: OpenClaw: Exec allowlist could miss side effects from transparent command wrappers vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.22...