MAL-2026-2230 Malicious code in aquasecurityofficial.trivy-vulnerability-scanner (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b6cab1dae06f51e2aaa57704d8374b6882440070d0796e7b719a85e6f803888b This extension is a compromised version of the offical Trivy VSCode extension available on the Microsoft Marketplace. Versions 1.8.11 and...

CVE-2026-28353

Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace was compromised and contained malicious code designed to leverage local AI coding agent to collect and exfiltrate sensitive...

EUVD-2026-9869

Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace was compromised and contained malicious code designed to leverage local AI coding agent to collect and exfiltrate sensitive...

Trivy Action 安全漏洞

Trivy Action is a container vulnerability scanning tool developed by Aqua Security. Version 1.8.12 of Trivy Action contains a security vulnerability; this vulnerability stems from the inclusion of malicious code, which may lead to the collection and disclosure of sensitive information...

WordPress Qubely plugin <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'align' and 'UniqueID' vulnerability discovered by Nishiv - Developer in WordPress Plugin Qubely versions = 1.8.12...

EUVD-2018-0498

Malware in sbrugna...

EUVD-2017-15245

Malware in sbrugna...

EUVD-2023-56240

Malicious code in bioql PyPI...

SUSE CVE-2025-48371

OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Users are affected...

CVE-2025-26767

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through = 1.8.12...

CVE-2025-26767

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Qubely – Advanced Gutenberg Blocks allows Stored XSS. This issue affects Qubely – Advanced Gutenberg Blocks: from n/a through 1.8.12...

WordPress plugin Qubely – Advanced Gutenberg Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

PT-2024-14181 · Unknown · Ai Power: Complete Ai Pack

Name of the Vulnerable Software and Affected Versions: AI Power: Complete AI Pack – Powered by GPT-4 versions 1.8.12 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...

WordPress HD Quiz Plugin <= 1.8.11 is vulnerable to Cross Site Scripting (XSS)

Software HD Quiz Type Plugin Vulnerable versions = 1.8.11 Fixed in 1.8.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22161 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b20e08ed859a Credits MyungJu Kim Required privilege Administrator...

WordPress GPT3 AI Content Writer Plugin <= 1.8.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software GPT3 AI Content Writer Type Plugin Vulnerable versions = 1.8.12 Fixed in 1.8.13 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-51528 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 803ba388c710 Credits Brandon...

WordPress Everse Theme < 1.8.12 is vulnerable to Cross Site Scripting (XSS)

Software Everse Type Theme Vulnerable versions 1.8.12 Fixed in 1.8.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ac81191bc6b1 Credits Rafie Muhammad Patchstack Required privile...

PrestaShop SQL注入漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image scaling. A security vulnerability exists in PrestaShop Module City Autocomplete, which stems from the presence of a SQL...

SUSE CVE-2013-7112

The dissectsipcommon function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.12 and 1.10.x before 1.10.4 does not check for empty lines, which allows remote attackers to cause a denial of service infinite loop via a crafted packet...

CVE-2022-36404

Missing Authorization, Cross-Site Request Forgery CSRF vulnerability in David Cole Simple SEO WordPress plugin plugin = 1.8.12 versions...

WordPress plugin David Cole Simple SEO 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...