56644 matches found
CVE-2026-9065
SureCart
MAL-2026-4500 Malicious code in bricks-builder-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ad643457c1104b8f118971a9ee95702f2126a16f33a4ec9dfd8ed21c43fc1eb bricks-builder-mcp is a Model Context Protocol server exposing WordPress/Bricks Builder editing tools page JSON edits, media uploads, custom CSS/JS...
Malicious code in bricks-builder-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ad643457c1104b8f118971a9ee95702f2126a16f33a4ec9dfd8ed21c43fc1eb bricks-builder-mcp is a Model Context Protocol server exposing WordPress/Bricks Builder editing tools page JSON edits, media uploads, custom CSS/JS...
CVE-2026-9059 NextGEN Gallery - SQL Injection
NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function 'cleancolumn' in the data mapper layer that uses a...
CVE-2026-9059
NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function 'cleancolumn' in the data mapper layer that uses a...
CVE-2026-9059
NextGEN Gallery (WordPress) versions prior to 4.2.1 are vulnerable to an authenticated SQL injection. The issue is in the data mapper layer where _clean_column() uses a blacklist instead of a whitelist, allowing an authenticated attacker with the Administrator role (NextGEN Gallery overview capab...
MAL-2026-4581 Malicious code in idlidosa (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93244f4468caec1832fe03d87c7403d7ab1dac835f12605a35667acfd3b87c39 The package ships shared/keys.json containing 9 AES-256-GCM-encrypted Groq API keys. The decryption key is a fixed byte sequence 'pageai-pool-v2'...
CVE-2026-7385
The Decent Comments WordPress plugin (prior to version 3.0.2) exposes comment author and post author email addresses via its REST API without access restrictions, enabling unauthenticated users to enumerate registered email addresses. Root cause: insufficient access controls on the REST endpoint....
CVE-2026-7385 Decent Comments < 3.0.2 - Unauthenticated Email Address Disclosure
The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses...
CVE-2026-7385 Decent Comments < 3.0.2 - Unauthenticated Email Address Disclosure
The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated attackers to enumerate registered user email addresses...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel up to version 6.7.1, there is a use-after-free in cecqueuemsgfh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c...
Astra Linux - уязвимость в openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Security. The supported versions affected by this vulnerability are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9,...
Astra Linux - уязвимость в chromium
Before version 103.0.5060.134, using the "after free" method in the Service Worker API in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
In the V8 API of Google Chrome, before version 124.0.6367.78, reading out of bounds allowed a remote attacker to leak cross-site data through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: rtw89: pci: Configure manual DAC mode via PCI config API only To support 36-bit DMA, configure the chip’s proprietary bit via the PCI config API or the chip’s DBI interface. However, the PCI device’s mmap is not set yet, an...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: virtio: Packed data – fix an unmap leak for the indirect desc table When usedmaapi and premapped are set to true, dounmap is false. Since dounmap is false, vringunmapextrapacked is not called by detachbufpacked. The following cod...
Astra Linux - уязвимость в firefox
The Performance API did not properly hide the fact that whether a request to a cross-origin resource has observed redirects. This vulnerability affects Firefox versions less than 100...
Astra Linux - уязвимость в firefox
tags that referenced a document from the same origin could have allowed script execution if the attacker’s input was sanitized using the HTML Sanitizer API. This would require the attacker to reference a JavaScript file from the same origin that contained the script to be executed. This...
Astra Linux - уязвимость в firefox, thunderbird
When using X11, text selected by the page using the Selection API is erroneously copied into the primary selection, a temporary storage similar to the clipboard. This bug only affects Firefox on X11. Other systems are unaffected. This vulnerability affects Firefox versions earlier than 120, Firef...
Astra Linux - уязвимость в linux-5.15
A memory leak flaw was discovered in nftsetcatchallflush in net/netfilter/nftablesapi.c within the Linux Kernel. This issue may allow a local attacker to cause double-deactivation of catchall elements, which can lead to a memory leak...