The leading open source vulnerability database

Instantly mitigate vulnerabilities in WordPress websites with Patchstack.

Total49,354
Mitigations15,940
Stats
CVSS0
10
Affected software | Vulnerability
RiskDisclosed
@andrea9293/mcp-documentation-server1.13.0
NPM: @andrea9293/mcp-documentation-server: Web UI API binds to all interfaces without authentication by default
8.8
28 minutes ago
systeminformation<= 5.31.6
NPM: systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
8.7
45 minutes ago
dd-trace< 5.100.0
NPM: dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS
7.5
56 minutes ago
websocket-driver< 0.7.5
NPM: websocket-driver: Resource limit bypass via message compression
6.3
1 hour ago
websocket-driver< 0.7.5
NPM: websocket-driver: Message corruption via abuse of protocol length headers
9.2
1 hour ago
obsidian-local-rest-api< 4.1.3
NPM: obsidian-local-rest-api: Authenticated path traversal via URL-encoded %2F in /vault/{path} — arbitrary host file read/write/delete
8.8
1 hour ago
n8n-mcp<= 2.57.3
NPM: n8n-MCP: Incorrect authorization can expose default-scope workflow version backups in multi-tenant HTTP mode
4.2
1 day ago
tidgi<= 0.13.0
NPM: TidGi Desktop Remote Code Execution via Malicious TiddlyWiki Repository Import — Tiddler Startup Module Auto-Execution
9.6
1 day ago
@feathersjs/commons<= 5.0.44
NPM: Prototype pollution in @feathersjs/commons _.merge via JSON-parsed __proto__
3.7
1 day ago
n8n-mcp<= 2.56.0
NPM: n8n-MCP: Cross-tenant access to workflow version backups in multi-tenant HTTP deployments
9.9
1 day ago
@fedify/fedify>= 0.11.2, < 1.9.12
NPM: Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges
8.6
1 day ago
@fedify/vocab-runtime< 2.0.19
NPM: Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges
8.6
1 day ago
Genolve<= 5.0.5
Authenticated (Contributor+) Incorrect Authorization to Privilege Escalation vulnerability
8.8
1 day ago
bbp style pack<= 6.4.5
Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
6.5
1 day ago
CorvusPay WooCommerce Payment Gateway<= 2.7.4
Unauthenticated Stored Cross-Site Scripting vulnerability
7.1
1 day ago
W3 Total Cache<= 2.9.4
Unauthenticated Arbitrary File Read vulnerability
7.5
1 day ago
WordPress CTA<= 2.2.2
Unauthenticated Time-Based Blind SQL Injection vulnerability
9.3
1 day ago
Aimogen Pro<= 2.8.4
WordPress Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin <= 2.8.4 - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit <= 2.8.4 - Unauthenticated Privilege Escalation vulnerability
9.8
1 day ago
Ultimate Auction Pro<= 2.4.5
Reflected XSS via uwa_manage_auctions vulnerability
7.1
2 days ago
Ultimate Auction Pro<= 2.4.5
Reflected XSS via uwa_auctions_bids_list vulnerability
7.1
2 days ago