The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total: 47,409
Mitigations: 15,242
| Affected software | Vulnerability | Risk | Disclosed |
| --- | --- | --- | --- |
| Slider Revolution <= 7.0.9 | Unauthenticated Sensitive Information Exposure vulnerability | 5.3 | 15 hours ago |
| @angular/platform-server <= 18.2.14 | NPM: @angular/platform-server: SSRF via Hostname Hijacking | 8.8 | 15 hours ago |
| @beproduct/nestjs-auth >= 0.1.2, <= 0.1.19 | NPM: Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulud worm | 10 | 15 hours ago |
| camofox-mcp < 1.13.2 | NPM: CamoFox MCP: Unauthenticated HTTP MCP browser-control surface | 7 | 15 hours ago |
| sillytavern <= 1.17.0 | NPM: SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl | 8.5 | 15 hours ago |
| @libp2p/kad-dht < 16.2.6 | NPM: @libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes | 7.5 | 15 hours ago |
| nuxt >= 4.0.0-alpha.1, <= 4.4.5 | NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning | 2.3 | 15 hours ago |
| @nuxt/nitro-server >= 4.2.0, <= 4.4.5 | NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning | 2.3 | 15 hours ago |
| @penpot/mcp < 2.15.0 | NPM: PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE | 8.8 | 15 hours ago |
| @haxtheweb/haxcms-nodejs < 26.0.0 | NPM: HAX CMS: Denial of Service using Malicious Import Request | 6.5 | 16 hours ago |
| turbo <= 2.9.13 | NPM: Turbo: Login callback CSRF/session fixation | 5.1 | 16 hours ago |
| turbo >= 1.1.0, < 2.9.14 | NPM: Turbo: Unexpected local code execution during Yarn Berry detection | 9.8 | 16 hours ago |
| @turbo/codemod >= 2.3.4, < 2.9.14 | NPM: Turbo: Unexpected local code execution during Yarn Berry detection | 9.8 | 16 hours ago |
| @turbo/workspaces >= 2.3.4, < 2.9.14 | NPM: Turbo: Unexpected local code execution during Yarn Berry detection | 9.8 | 16 hours ago |
| 9router >= 0.4.30, < 0.4.37 | NPM: 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes | 10 | 16 hours ago |
| Anomify AI – Anomaly Detection and Alerting <= 0.3.6 | Cross-Site Request Forgery vulnerability | 4.3 | 18 hours ago |
| NextGEN Gallery <= 4.2.0 | Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion vulnerability | 4.3 | 18 hours ago |
| @apify/actors-mcp-server < 0.9.21 | NPM: Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching | 6.1 | 19 hours ago |
| budibase < 3.38.2 | NPM: Budibase: Unrestricted Upload of File with Dangerous Type | 7.6 | 19 hours ago |
| @budibase/backend-core < 3.38.2 | NPM: Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour | 4.2 | 19 hours ago |