51 matches found
org.webjars.npm:svelte (=5.53.12) potentially affected by CVE-2026-42570 via org.webjars.npm:devalue (=5.6.4)
org.webjars.npm:devalue MAVEN version =5.6.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:devalue and may be impacted: org.webjars.npm:svelte =5.53.12. Source CVEs: CVE-2026-42570. Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16697434...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
Summary: The product includes vulnerable components, e.g., framework libraries, that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details: CVEID: CVE-2026-27448. DESCRIPTION: pyOpenSSL is a Python wrappe...
CVE-2026-39572
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retrieve Embedded Sensitive Data. This issue affects Bus Ticket Booking with Seat Reservation: from n/...
CVE-2026-25306 WordPress XStore Core plugin <= 5.6.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core et-core-plugin allows Reflected XSS. This issue affects XStore Core: from n/a through <= 5.6.4...
Improper Validation of Specified Type of Input
Overview: devalue is a JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the hydrate function that can accept proto keys...
CVE-2026-25451
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows Stored XSS. This issue affects Bold Page Builder: from n/a through = 5.6.9...
CVE-2018-18200
There is a SQL injection in Benutzerverwaltung in REDAXO before 5.6.4...
EUVD-2018-9937
Malware in sbrugna...
EUVD-2024-35721
Malicious code in bioql PyPI...
EUVD-2022-15614
Malicious code in bioql PyPI...
EUVD-2022-15788
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-0476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. CVE-2022-0476 Note that Nessus relies on the presence of the package as reported by the...
Linux Distros Unpatched Vulnerability : CVE-2022-0713
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. CVE-2022-0713 Note that Nessus relies on the presence of the package as report...
Linux Distros Unpatched Vulnerability : CVE-2016-7420
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypto++ aka cryptopp through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended i...
CVE-2018-21004
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection...
WordPress Filebird Plugin <= 5.6.3 is vulnerable to Insecure Direct Object References (IDOR)
Software: Filebird; Type: Plugin; Vulnerable versions: <= 5.6.3; Fixed in: 5.6.4; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-2346; Patch priority: Low; CVSS severity: Low 5.4; PSID: 800a2ac6f56e; Credits: Tim Coen; Required...
WordPress WP EasyCart Plugin <= 5.6.3 is vulnerable to SQL Injection
Software: WP EasyCart; Type: Plugin; Vulnerable versions: <= 5.6.3; Fixed in: 5.6.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-3211; Patch priority: Low; CVSS severity: Low 8.5; PSID: 68d2c07621df; Credits: Krzysztof Zając; Required privilege: Contributor; Publish...
PT-2023-26407 · Enfold · Enfold
Name of the Vulnerable Software and Affected Versions: Enfold - Responsive Multi-Purpose Theme versions n/a through 5.6.4. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS...
WordPress Enfold Theme <= 5.6.4 is vulnerable to Cross Site Scripting (XSS)
Software: Enfold; Type: Theme; Vulnerable versions: <= 5.6.4; Fixed in: 5.6.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-38400; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Kriesi; PSID: 33a791c850de; Credits: Rafie Muhammad Patchstack; Required privilege...
SUSE CVE-2022-0476
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4...