
9907 matches found

Positive Technologies
added 2026/02/24 12:0 a.m. | 6 views

PT-2026-21791

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 4.4.19; Mautic versions prior to 5.2.10; Mautic versions prior to 6.0.8; Mautic versions prior to 7.0.1. Description: A SQL injection issue exists in the API endpoint used for retrieving contact activities. The vulnerabilit...

8.8 CVSS | 5.7 AI score | 0.00289 EPSS
Exploits 0 | References 14

OSV
added 2026/02/23 10:1 p.m. | 5 views

MAL-2026-1040 Malicious code in react-markdown-canvas (npm)

Malicious package due to data exfiltration via Discord webhook on install. Collects IP, hostname, and date without consent. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4123db6526d8c37f99fa33e2524edc97922efef6b1605dc0a8acdbf41e76cc77 The package...

5.9 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2026/02/23 8:50 p.m. | 9 views

Malicious code in newrubylogger (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d10fd2e8adb621ac6bb3b4cd31357213d90dd17f27cd1f01d5e8e7138686d7c2 The OpenSSF Package Analysis project identified 'newrubylogger' @ 99.9.1 rubygems as malicious. It is considered malicious because: - The packag...

5.3 AI score
Exploits 0

OSSF Malicious Packages
added 2026/02/22 8:45 p.m. | 6 views

Malicious code in conduit-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a7f95b03bc8b7d9992089476c92239b5de48ab75b1d3c1d13e9b231dcc79a52 The package conduit-utils was found to contain malicious code. Source: ossf-package-analysis...

5.5 AI score
Exploits 0

RedhatCVE
added 2026/02/20 1:26 p.m. | 4 views

CVE-2026-25331

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through <= 5.5.4...

6.5 CVSS | 5.5 AI score | 0.00156 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/02/19 1:28 p.m. | 4 views

CVE-2026-1436

Improper Access Control IDOR in the Graylog API, version 2.2.3, which occurs when modifying the user ID in the URL. An authenticated user can access other users' profiles without proper authorization checks. Exploiting this vulnerability allows valid users of the system to be listed and sensitive...

7.1 CVSS | 5.5 AI score | 0.00212 EPSS
Exploits 0 | References 1

NVD
added 2026/02/19 9:16 a.m. | 4 views

CVE-2026-25331

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through <= 5.5.4...

6.5 CVSS | 0.00156 EPSS
Exploits 0 | References 1

CVE
added 2026/02/19 8:26 a.m. | 8 views

CVE-2026-25331

CVE-2026-25331 describes a DOM-based XSS in the WordPress plugin WP Activity Log (Melapress WP Activity Log) through improper input neutralization during web page generation. Affected range is WP Activity Log versions up to and including 5.5.4. The advisory notes this is a cross-site scripting vu...

6.5 CVSS | 5.4 AI score | 0.00156 EPSS
Exploits 0 | References 1

Cvelist
added 2026/02/19 8:26 a.m. | 28 views

CVE-2026-25331 WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through <= 5.5.4...

6.5 CVSS | 0.00156 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/02/19 8:26 a.m. | 6 views

CVE-2026-25331

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through <= 5.5.4...

5.5 AI score | 0.00156 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/02/19 8:26 a.m. | 3 views

CVE-2026-25331 WordPress WP Activity Log plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through <= 5.5.4...

6.5 CVSS | 5.9 AI score | 0.00156 EPSS
Exploits 0 | References 1

CNNVD
added 2026/02/19 12:0 a.m. | 4 views

WordPress plugin WP Activity Log cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5 CVSS | 5.6 AI score | 0.00156 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/02/19 12:0 a.m. | 3 views

PT-2026-20699

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS. This issue affects WP Activity Log: from n/a through <= 5.5.4...

5.5 AI score | 0.00156 EPSS
Exploits 0 | References 1

Circl
added 2026/02/18 2:18 p.m. | 5 views

CVE-2025-33252

creationtimestamp | type | source
---|---|---
2026-02-18 14:18:12+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mf5bhtpgd72s
2026-02-18 14:18:39+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mf5bio2fvx2s...

7.8 CVSS | 5.1 AI score | 0.00198 EPSS
Exploits 0 | References 2

Snyk
added 2026/02/17 9:27 p.m. | 4 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition in which maps from multiple components may be accessed without synchronization. When under heavy concurrent activity, either spontaneous or attacker-generated, the process can be caused to panic and crash with fatal error...

7.5 CVSS | 5.5 AI score | 0.00291 EPSS
Exploits 1 | References 2

OSSF Malicious Packages
added 2026/02/17 3:55 p.m. | 7 views

Malicious code in vds-monarch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9fc03a6a0feff43eef44ac91f0e9ce68c422a439528842f139bf1164366c66d The package vds-monarch was found to contain malicious code. Source: ghsa-malware 23d64f4764ccc88b26aa567b6d6828093fe8d35500ac67a19ced44828073dbf4 An...

5.9 AI score
Exploits 0 | References 1

Patchstack
added 2026/02/17 7:55 a.m. | 4 views

WordPress Super Page Cache plugin <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting via Activity Log vulnerability

Unauthenticated Stored Cross-Site Scripting via Activity Log vulnerability discovered by shark3y in WordPress Plugin Super Page Cache for Cloudflare versions <= 5.2.2...

7.2 CVSS | 5.4 AI score | 0.0019 EPSS
Exploits 0 | References 1 | Affected Software 1

OSV
added 2026/02/16 3:20 p.m. | 4 views

MAL-2026-919 Malicious code in mds-webcomponents (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b33015300fa18b6b3d2c2f1c0af0e77cbd9fa96c7af7befbe61a5422165824e package.json declares preinstall: node index.js, which runs automatically on every npm install. index.js collects os.homedir, os.hostname,...

5.5 AI score
Exploits 0 | References 1

OSSF Malicious Packages
added 2026/02/16 7:3 a.m. | 5 views

Malicious code in http-request-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 13b29a753802db633ab987963543535999a246049761d4d29699b66edf207f13 During import, the package masquerades and starts an embedded executable. The executable has signs of infostealer activity --- Category: MALICIOUS - The campaign ha...

5.6 AI score
Exploits 0 | References 2

RedhatCVE
added 2026/02/15 1:28 p.m. | 4 views

CVE-2026-1843

The Super Page Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Activity Log in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts ...

7.2 CVSS | 5.7 AI score | 0.0019 EPSS
Exploits 0 | References 1