EUVD-2014-1339

Malware in sbrugna...

EUVD-2025-27596

Malicious code in bioql PyPI...

CVE-2025-59038

Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Version 10.10.0 fix...

Prebid.js NPM package briefly compromised

Impact NPM users of prebid 10.9.2. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Patches 10.10.0 is solved References https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack...

CVE-2025-59038 Prebid.js NPM package briefly compromised

Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Version 10.10.0 fix...

PT-2025-36995

Name of the Vulnerable Software and Affected Versions: Prebid.js versions prior to 10.10.0 Prebid.js version 10.9.2 Description: Prebid.js is a free and open source library used by publishers to implement header bidding. NPM users of version 10.9.2 may have been compromised by a malware campaign...

Mattermost Does Not Sanitize the Team Invite ID

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows an team admin with no member invite privileges to get the team’s invite id...

PT-2025-34282 · Esri · Esri Portal For Arcgis Enterprise Sites

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 through 11.4 Description: A stored Cross-site Scripting issue exists that may allow a remote, authenticated attacker to inject a malicious file containing an XSS script. When loaded, thi...

PT-2025-34198 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.8 Mattermost versions 9.11.x through 9.11.17 Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.9.x through 10.9.2 Description: Mattermost fails to sanitize path traversal sequences in...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an uncleaned Team Invitation ID, which could lead to the acquisition of a Team Invitation ID.The following versions are affected: 10.8.3 an...

Linux Distros Unpatched Vulnerability : CVE-2022-38791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MariaDB before 10.9.2, compresswrite in extra/mariabackup/dscompress.cc does not release datamutex upon a stream write failure, which allows local users to...

CVE-2023-30469

Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer detail view component allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00...

CVE-2024-13323

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2025-2109 · WordPress · Wp Booking Calendar

Name of the Vulnerable Software and Affected Versions: WP Booking Calendar versions up to and including 10.9.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'booking' shortcode due to insufficient input sanitization and output escaping on user-supplied...

WordPress plugin WP Booking Calendar 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

BIT-MARIADB-2022-38791

In MariaDB before 10.9.2, compresswrite in extra/mariabackup/dscompress.cc does not release datamutex upon a stream write failure, which allows local users to trigger a deadlock...

mariadb: compress_write() fails to release mutex on failure

In MariaDB before 10.9.2, compresswrite in extra/mariabackup/dscompress.cc does not release datamutex upon a stream write failure, which allows local users to trigger a deadlock...

BIT-2022-38791

In MariaDB before 10.9.2, compresswrite in extra/mariabackup/dscompress.cc does not release datamutex upon a stream write failure, which allows local users to trigger a deadlock...

MAL-2023-8288 Malicious code in @zpp/campaign-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bf91721d9ccb3de458db5333c68a7144fbf85950c53ad2ee5c0086124814a1cd The OpenSSF Package Analysis project identified '@zpp/campaign-widgets' @ 10.9.2 npm as malicious. It is considered malicious because: - The...

CVE-2023-30469

Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer detail view component allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00...