PT-2026-1237

Name of the Vulnerable Software and Affected Versions itsourcecode Society Management System version 1.0 Description A flaw exists in itsourcecode Society Management System 1.0 that allows for remote SQL injection. The issue is located in the file '/admin/edit activity query.php', specifically...

itsourcecode Society Management System SQL注入漏洞

itsourcecode Society Management System is an itsourcecode open source society management system. A SQL injection vulnerability exists in version 1.0 of itsourcecode Society Management System, which stems from an incorrect manipulation of the parameter Title in the file /admin/editactivityquery.ph...

Malicious code in rules-deployer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 849a58d27ed0090633a72330c705b5849146aa1493961574c6a11dc758e28e34 The package rules-deployer was found to contain malicious code. Source: ossf-package-analysis...

CVE-2025-62760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode bp-activity-shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through = 1.1.8...

CVE-2025-62760

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode bp-activity-shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through = 1.1.8...

CVE-2025-62760 WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8...

EUVD-2025-205914

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8...

CVE-2025-62760 WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode bp-activity-shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through = 1.1.8...

CVE-2025-62760

CVE-2025-62760 refers to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in the BuddyPress Activity Shortcode plugin. According to the Wordfence Vulnerability report, the affected component is the BuddyPress Activity Shortcode, with versions up to and including 1.1.8. It is categ...

WordPress BuddyPress Activity Shortcode plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BuddyPress Activity Shortcode versions = 1.1.8...

WordPress Activity Plus Reloaded for BuddyPress plugin <= 1.1.1 - Authenticated (Subscriber+) Blind Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Blind Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Activity Plus Reloaded for BuddyPress versions = 1.1.1...

PT-2025-54302

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BuddyDev BuddyPress Activity Shortcode allows Stored XSS.This issue affects BuddyPress Activity Shortcode: from n/a through 1.1.8...

MAL-2025-192960 Malicious code in kcheck (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 660a47461992421159d386fb5e8ce14c3c794e8059b276d4de539ca2235d8780 The package kcheck was found to contain malicious code. Source: ghsa-malware 9666f7f55b90b84ee1e458016ed3eb475f26465bcf2d4fbe690a142c3a53e311 Any...

Malicious code in ugc-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ffd0991cb1cc7098930838b404210022aa2667d78f2884417f449d85e90fb12 The package ugc-kit was found to contain malicious code. Source: ghsa-malware 4e44ecda4e96910709480e50046146e482992e36fb2e8429211e1f653376d123 Any...

MAL-2025-192951 Malicious code in ugc-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2ffd0991cb1cc7098930838b404210022aa2667d78f2884417f449d85e90fb12 The package ugc-kit was found to contain malicious code. Source: ghsa-malware 4e44ecda4e96910709480e50046146e482992e36fb2e8429211e1f653376d123 Any...

MAL-2025-192944 Malicious code in backstage-plugin-glean (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 824531546cd7527be37fc4aa5ca2020424a1ecf090eaba3a8974105871c0931f The package backstage-plugin-glean was found to contain malicious code. Source: ghsa-malware...

Malicious code in magic-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dea39f25cc72cc9ab080d6f35ef68c9a061a8df5fe184194798109dad36faa5 The package magic-poc was found to contain malicious code. Source: ghsa-malware 89ec0cb0d10ed48f38fd79d080a40f46510b46211da23e64a2c72d9b053cb73b Any...

MAL-2025-192939 Malicious code in magic-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dea39f25cc72cc9ab080d6f35ef68c9a061a8df5fe184194798109dad36faa5 The package magic-poc was found to contain malicious code. Source: ghsa-malware 89ec0cb0d10ed48f38fd79d080a40f46510b46211da23e64a2c72d9b053cb73b Any...

Malicious code in ing-feat-pis-single-payments (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94bc97753b6e7a9fa1430482f3266bf40e985ab97ef48bbd35a8d7fd8f404ca6 The package ing-feat-pis-single-payments was found to contain malicious code. Source: ossf-package-analysis...

CERTFR-2025-ACT-056

creationtimestamp| type| source ---|---|--- 2025-12-22 13:56:42+00:00| seen| https://bsky.app/profile/cert-fr.bsky.social/post/3malf7z6yfx2c 2025-12-22 13:56:43+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/115763563781757176 2025-12-28 01:17:54+00:00| seen|...