89 matches found

OSSF Malicious Packages
added 6 days ago, 11 views

Malicious code in neuralforge-ml (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c0a68c3ef2f7680eab753f62cc1792ae7df68bb15400e09971cc9c34a444307b The package contains stub code only imitating real actions. Starting with version 0.9.9, the code contains exfiltration capability activated under specific...

5.9 AI score
Exploits 0, References 1

SUSE CVE
added 2026/04/03 11:25 p.m., 5 views

SUSE CVE-2026-34601

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In xmldom versions 0.6.0 and prior and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9, xmldom/xmldom allows attacker-controlled strings containing the CDATA terminator to be inserted into a...

7.5 CVSS, 5.7 AI score, 0.00019 EPSS
Exploits 0, References 3

OSV
added 2026/04/01 9:21 a.m., 1 views

CLEANSTART-2026-CE02533 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2025-62820, CVE-2026-30836, CVE-2026-33186, ghsa-p77j-4mvh-x3m3, ghsa-q4r8-xm5f-56gw applied in versions: 0.10.1-r0, 0.9.10-r0, 0.9.9-r0, 0.9.9-r1

Multiple security vulnerabilities affect the step-issuer package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS, 6.8 AI score, 0.00045 EPSS
Exploits 3, References 27

OSV
added 2026/02/24 2:3 a.m., 3 views

CVE-2026-26198 ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Ormar is an async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

9.8 CVSS, 6 AI score, 0.00024 EPSS
Exploits 2, References 5

CVE
added 2026/02/24 2:3 a.m., 15 views

CVE-2026-26198

CVE-2026-26198 — ormar (Python async ORM) is affected in versions 0.9.9 through 0.22.0. The vulnerability arises in aggregate queries where the ORM passes user-supplied column names directly into sqlalchemy.text() without validation for min() and max(), allowing attacker-controlled strings to be...

9.8 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 2, References 3, Affected Software 1

EUVD
added 2025/12/15 12:30 a.m., 1 views

EUVD-2025-203311

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas...

2.9 CVSS, 6.4 AI score, 0.00007 EPSS
Exploits 0, References 4

OSV
added 2025/12/14 11:15 p.m., 2 views

AZL-72379 CVE-2025-67899 affecting package uriparser 0.9.8-3

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas...

2.9 CVSS, 5.7 AI score, 0.00007 EPSS
Exploits 0, References 1

OSV
added 2025/12/14 11:15 p.m., 0 views

AZL-72862 CVE-2025-67899 affecting package uriparser 0.9.7-2

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas...

2.9 CVSS, 5.7 AI score, 0.00007 EPSS
Exploits 0, References 1

NVD
added 2025/12/14 11:15 p.m., 2 views

CVE-2025-67899

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas...

2.9 CVSS, 0.00007 EPSS
Exploits 0, References 3

Debian CVE
added 2025/12/14 10:17 p.m., 3 views

CVE-2025-67899

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas...

2.9 CVSS, 5.2 AI score, 0.00007 EPSS
Exploits 0

Cvelist
added 2025/12/14 10:17 p.m., 11 views

CVE-2025-67899

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas...

2.9 CVSS, 0.00007 EPSS
Exploits 0, References 2

CNNVD
added 2025/12/14 12:0 a.m., 2 views

Uriparser security vulnerability

Uriparser is a strictly RFC 3986 compliant URI parsing and processing library written in C89. A security vulnerability exists in Uriparser version 0.9.9 and earlier, which stems from allowing infinite recursion and stack consumption...

2.9 CVSS, 6.5 AI score, 0.00007 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2007-1782

Malware in sbrugna...

6.8 CVSS, 6.2 AI score, 0.00144 EPSS
Exploits 0, References 5

vulnersOsv
added 2025/05/08 2:48 p.m., 3 views

org.webjars.bower:angular-trix (=1.0.2), org.webjars.bower:github-com-sachinchoolur-angular-trix (=1.0.2) potentially affected by CVE-2025-46812 via org.webjars.bower:trix (=0.9.9)

org.webjars.bower:trix MAVEN version =0.9.9 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.bower:trix and may be impacted: - org.webjars.bower:angular-trix =1.0.2 - org.webjars.bower:github-com-sachinchoolur-angular-trix =1.0.2 Source cves...

5.1 CVSS, 5.8 AI score, 0.0035 EPSS
Exploits 0

OSV
added 2025/03/04 4:15 a.m., 0 views

CVE-2024-13686

The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vwstorefrontresetallsettings function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3 CVSS, 7.3 AI score
Exploits 0, References 2

Patchstack
added 2025/03/03 11:32 p.m., 2 views

WordPress VW Storefront theme <= 0.9.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability

Missing Authorization to Authenticated (Subscriber+) Settings Reset vulnerability discovered by Peter Thaleikis in WordPress Theme VW Storefront versions <= 0.9.9...

4.3 CVSS, 7 AI score, 0.00069 EPSS
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2025/02/05 9:13 a.m., 1 views

CVE-2024-56018

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BU Web Team BU Section Editing bu-section-editing allows Reflected XSS. This issue affects BU Section Editing: from n/a through = 0.9.9...

7.1 CVSS, 7.2 AI score, 0.00144 EPSS
Exploits 0, References 1

Patchstack
added 2025/01/09 8:1 a.m., 1 views

WordPress BU Section Editing plugin <= 0.9.9 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin BU Section Editing versions <= 0.9.9...

6.1 CVSS, 6.4 AI score, 0.00292 EPSS
Exploits 1, References 1, Affected Software 1

CNNVD
added 2025/01/09 12:0 a.m., 1 views

WordPress plugin BU Section Editing security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...

6.1 CVSS, 7.6 AI score, 0.00292 EPSS
Exploits 1, References 1

CNNVD
added 2025/01/07 12:0 a.m., 1 views

WordPress plugin Legacy ePlayer cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5 CVSS, 7.7 AI score, 0.0028 EPSS
Exploits 0, References 2