46571 matches found

Patchstack
added 2026/06/19 7:36 p.m. | 6 views

NPM: parse-server: Stored XSS via non-standard file extension bypassing file upload extension blocklist

NPM: parse-server: Stored XSS via non-standard file extension bypassing file upload extension blocklist vulnerability discovered by ? in WordPress Npm parse-server versions = 8.6.80...

5.8 AI score
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/19 7:35 p.m. | 6 views

NPM: parse-server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL

NPM: parse-server: Relation $relatedTo query bypasses protectedFields and owning-object ACL vulnerability discovered by ? in WordPress Npm parse-server versions 8.6.80...

6.9 CVSS | 5.8 AI score | 0.00276 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack
added 2026/06/19 7:35 p.m. | 6 views

NPM: parse-server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied

NPM: parse-server: Endpoints /login and /verifyPassword disclose MFA secrets and protected fields when _User get is denied vulnerability discovered by ? in WordPress Npm parse-server versions = 9.8.0, 9.9.1-alpha.5...

5.9 CVSS | 5.8 AI score | 0.00251 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/19 7:35 p.m. | 6 views

NPM: parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist

NPM: parse-server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist vulnerability discovered by ? in WordPress Npm parse-server versions = 8.6.78...

2.1 CVSS | 5.8 AI score | 0.00281 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack
added 2026/06/19 7:34 p.m. | 4 views

NPM: parse-server: Server option routeAllowList is bypassable through batch sub-requests

NPM: parse-server: Server option routeAllowList is bypassable through batch sub-requests vulnerability discovered by ? in WordPress Npm parse-server versions = 9.8.0, 9.9.1-alpha.3...

6.9 CVSS | 5.8 AI score | 0.00342 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/19 7:18 p.m. | 14 views

NPM: TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy (MySQL/MariaDB)

NPM: TypeORM: SQL Injection in UpdateQueryBuilder/SoftDeleteQueryBuilder orderBy MySQL/MariaDB vulnerability discovered by ? in WordPress Npm typeorm versions = 0.1.12, = 0.3.28...

6 AI score
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/19 3:12 p.m. | 14 views

NPM: Agentic-Flow: OS Command Injection in agentic-flow MCP server tools via unsanitized tool-parameter interpolation into execSync

NPM: Agentic-Flow: OS Command Injection in agentic-flow MCP server tools via unsanitized tool-parameter interpolation into execSync vulnerability discovered by ? in WordPress Npm agentic-flow versions = 2.0.13...

5.9 AI score
Exploits: 0 | References: 8 | Affected Software: 1

Patchstack
added 2026/06/19 2:50 p.m. | 15 views

NPM: parse-server: Denial of service via exponential-time processing of deeply nested query operators

NPM: parse-server: Denial of service via exponential-time processing of deeply nested query operators vulnerability discovered by ? in WordPress Npm parse-server versions 8.6.82...

5.8 AI score
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/19 2:34 p.m. | 4 views

NPM: undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching

NPM: undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...

3.7 CVSS | 5.8 AI score | 0.00248 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/19 2:22 p.m. | 5 views

NPM: undici WebSocket client vulnerable to denial of service via fragment count bypass

NPM: undici WebSocket client vulnerable to denial of service via fragment count bypass vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...

7.5 CVSS | 5.8 AI score | 0.0057 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/19 2:21 p.m. | 5 views

NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...

5.9 CVSS | 5.8 AI score | 0.00257 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/19 2:20 p.m. | 7 views

NPM: undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

NPM: undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse vulnerability discovered by ? in WordPress Npm undici versions = 7.23.0, 7.28.0...

8.8 CVSS | 6.4 AI score | 0.00277 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack
added 2026/06/19 2:19 p.m. | 4 views

NPM: undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

NPM: undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...

3.7 CVSS | 5.8 AI score | 0.00228 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack
added 2026/06/19 1:35 p.m. | 5 views

NPM: Network-AI: Improper Neutralization of Special Elements used in an OS Command

NPM: Network-AI: Improper Neutralization of Special Elements used in an OS Command vulnerability discovered by ? in WordPress Npm network-ai versions 5.9.1...

5.9 AI score
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2026/06/19 1:34 p.m. | 6 views

NPM: Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests

NPM: Network-AI: CVE-2026-46701 fix incomplete — empty default secret still authorizes all requests vulnerability discovered by ? in WordPress Npm network-ai versions = 5.7.1...

9.1 CVSS | 5.8 AI score | 0.00297 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack
added 2026/06/19 9:18 a.m. | 7 views

WordPress WP Hotel Booking plugin < 2.3.1 - Subscriber+ Missing Authorization in Multiple AJAX Handlers vulnerability

Subscriber+ Missing Authorization in Multiple AJAX Handlers vulnerability discovered by Sanjorn Keeratirungsan in WordPress Plugin WP Hotel Booking versions 2.3.1...

6.5 CVSS | 5.8 AI score | 0.00201 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/19 9:16 a.m. | 6 views

WordPress WP Go Maps plugin <= 10.1.01 - Unauthenticated Arbitrary Record Creation vulnerability

Unauthenticated Arbitrary Record Creation vulnerability discovered by Thanh Điềm in WordPress Plugin WP Go Maps versions = 10.1.01...

5.3 CVSS | 5.8 AI score | 0.00205 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/19 9:10 a.m. | 4 views

WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ParkHyunWoo in WordPress Plugin UPI QR Code Payment Gateway for WooCommerce versions = 1.6.2...

5.4 CVSS | 5.9 AI score | 0.00203 EPSS
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/06/19 9:4 a.m. | 5 views

WordPress Paymob for WooCommerce plugin <= 4.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Sajjad Haqi in WordPress Plugin Paymob for WooCommerce versions = 4.1.3...

7.5 CVSS | 5.8 AI score | 0.00238 EPSS
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/06/19 9:3 a.m. | 4 views

WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Master Slider versions = 3.11.2...

7.1 CVSS | 5.8 AI score | 0.00175 EPSS
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/06/19 8:59 a.m. | 8 views

WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin License Manager for WooCommerce versions = 3.0.15...

6.5 CVSS | 5.8 AI score | 0.00235 EPSS
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/06/19 8:51 a.m. | 5 views

WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin WP Activity Log versions = 5.6.3.1...

7.1 CVSS | 5.8 AI score | 0.0023 EPSS
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/06/19 8:46 a.m. | 7 views

WordPress CheckView Automated Testing plugin <= 2.1.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by sequenceX0 in WordPress Plugin CheckView Automated Testing versions = 2.1.0...

7.5 CVSS | 5.8 AI score | 0.00238 EPSS
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/06/19 8:45 a.m. | 6 views

WordPress MapPress Maps for WordPress plugin <= 2.97.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by l3m3s in WordPress Plugin MapPress Maps for WordPress versions = 2.97.3...

7.1 CVSS | 5.8 AI score | 0.00244 EPSS
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/06/19 8:22 a.m. | 4 views

WordPress Abandoned Cart Pro for WooCommerce plugin <= 10.4.0 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Austin Ginder in WordPress Plugin Abandoned Cart Pro for WooCommerce versions = 10.4.0...

8.8 CVSS | 5.8 AI score | 0.00378 EPSS
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/06/19 8:12 a.m. | 9 views

WordPress Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation plugin <= 2.8.7 - Unauthenticated Server-Side Request Forgery vulnerability

Unauthenticated Server-Side Request Forgery vulnerability discovered by Lucius-log in WordPress Plugin Bit Integrations versions = 2.8.7...

6.5 CVSS | 5.8 AI score | 0.00312 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/19 8:4 a.m. | 12 views

WordPress BetterDocs Pro plugin <= 3.8.0 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin BetterDocs Pro versions = 3.8.0...

9.8 CVSS | 5.8 AI score | 0.00886 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2026/06/19 6:31 a.m. | 6 views

NPM: ts-deepmerge: Prototype Method Override leads to DoS

NPM: ts-deepmerge: Prototype Method Override leads to DoS vulnerability discovered by ? in WordPress Npm ts-deepmerge versions 8.0.0...

6.9 CVSS | 5.8 AI score | 0.00308 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack
added 2026/06/18 9:13 p.m. | 5 views

NPM: Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints

NPM: Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints vulnerability discovered by ? in WordPress Npm signalk-server versions = 2.27.0...

5.8 AI score
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2026/06/18 8:44 p.m. | 5 views

NPM: gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)

NPM: gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting CVE-2026-0755 vulnerability discovered by ? in WordPress Npm gemini-mcp-tool versions = 1.1.2, 1.1.6...

9.8 CVSS | 7.5 AI score | 0.03336 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:44 p.m. | 4 views

NPM: OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state

NPM: OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...

6.5 CVSS | 5.8 AI score | 0.00245 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:42 p.m. | 5 views

NPM: OpenClaw: Empty-scope device re-pairing could confuse caller scope containment

NPM: OpenClaw: Empty-scope device re-pairing could confuse caller scope containment vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...

5.4 CVSS | 5.8 AI score | 0.00206 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:41 p.m. | 5 views

NPM: OpenClaw: Workspace-derived service PATH could influence trash command selection

NPM: OpenClaw: Workspace-derived service PATH could influence trash command selection vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.2...

7.2 CVSS | 5.8 AI score | 0.00119 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:39 p.m. | 6 views

NPM: OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots

NPM: OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.2...

7.1 CVSS | 5.8 AI score | 0.00124 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:36 p.m. | 5 views

NPM: OpenClaw: Discord allowFrom could bind to mutable display names

NPM: OpenClaw: Discord allowFrom could bind to mutable display names vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.6...

8.6 CVSS | 5.8 AI score | 0.00267 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:34 p.m. | 6 views

NPM: OpenClaw: Focus command could miss controlScope enforcement

NPM: OpenClaw: Focus command could miss controlScope enforcement vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.24...

6.8 CVSS | 5.8 AI score | 0.00093 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:33 p.m. | 5 views

NPM: OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install

NPM: OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.29...

7.1 CVSS | 5.8 AI score | 0.00118 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:33 p.m. | 5 views

NPM: OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns

NPM: OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns vulnerability discovered by ? in WordPress Npm openclaw versions 2026.5.12...

8.3 CVSS | 5.8 AI score | 0.00347 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:32 p.m. | 5 views

NPM: OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers

NPM: OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.6...

5.4 CVSS | 5.8 AI score | 0.00171 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:31 p.m. | 5 views

NPM: OpenClaw: memory-wiki shared search could miss session visibility checks

NPM: OpenClaw: memory-wiki shared search could miss session visibility checks vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.27...

6.5 CVSS | 5.8 AI score | 0.0021 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:29 p.m. | 4 views

NPM: OpenClaw: Config recovery could restore openclaw.json with broad file permissions

NPM: OpenClaw: Config recovery could restore openclaw.json with broad file permissions vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.23...

5.7 CVSS | 5.8 AI score | 0.00094 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:17 p.m. | 4 views

NPM: OpenClaw: Zalo allowFrom could bind to mutable display names

NPM: OpenClaw: Zalo allowFrom could bind to mutable display names vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.2...

8.6 CVSS | 5.8 AI score | 0.00225 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:16 p.m. | 4 views

NPM: OpenClaw: Skill-command dispatch could skip before-tool-call hooks

NPM: OpenClaw: Skill-command dispatch could skip before-tool-call hooks vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.5...

4.3 CVSS | 5.8 AI score | 0.00185 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:15 p.m. | 5 views

NPM: OpenClaw: Active Memory write scope could mutate global config

NPM: OpenClaw: Active Memory write scope could mutate global config vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.5...

5.4 CVSS | 5.8 AI score | 0.00176 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:14 p.m. | 4 views

NPM: OpenClaw: Exported session HTML could keep unsafe markdown links

NPM: OpenClaw: Exported session HTML could keep unsafe markdown links vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.7...

6.1 CVSS | 5.8 AI score | 0.00188 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:13 p.m. | 5 views

NPM: OpenClaw: Slack reaction events could ignore reaction notification settings

NPM: OpenClaw: Slack reaction events could ignore reaction notification settings vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.7...

6.3 CVSS | 5.8 AI score | 0.00191 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:12 p.m. | 4 views

NPM: OpenClaw: Bootstrap token replay could widen pending pairing scopes

NPM: OpenClaw: Bootstrap token replay could widen pending pairing scopes vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.10-beta.2...

5.4 CVSS | 5.8 AI score | 0.00088 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:12 p.m. | 4 views

NPM: OpenClaw: Shell positional parameters could weaken strict inline-eval checks

NPM: OpenClaw: Shell positional parameters could weaken strict inline-eval checks vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.2...

8.1 CVSS | 5.8 AI score | 0.0026 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:11 p.m. | 4 views

NPM: OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently

NPM: OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.22...

6.5 CVSS | 5.8 AI score | 0.0021 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Patchstack
added 2026/06/18 8:10 p.m. | 5 views

NPM: OpenClaw: Exec allowlist could miss side effects from transparent command wrappers

NPM: OpenClaw: Exec allowlist could miss side effects from transparent command wrappers vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.5.22...

4.3 CVSS | 5.8 AI score | 0.00185 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Total number of security vulnerabilities: 46571