
2195 matches found

OSSF Malicious Packages
added 2026/05/20 3:22 a.m. | 6 views

Malicious code in @tailwind-core/oxide-win32-x64-msvc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93cb69a6f12f5739ab03d78641f2a79179750b6182f65ba5b8fb8ec4a1399bc The package name @tailwind-core/oxide-win32-x64-msvc impersonates the legitimate Tailwind CSS scope @tailwindcss published by tailwindlabs. The READM...

AI score 6
Exploits 0 | References 1
OSV
added 2026/05/20 3:22 a.m. | 5 views

MAL-2026-4449 Malicious code in @tailwind-core/oxide-win32-x64-msvc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93cb69a6f12f5739ab03d78641f2a79179750b6182f65ba5b8fb8ec4a1399bc The package name @tailwind-core/oxide-win32-x64-msvc impersonates the legitimate Tailwind CSS scope @tailwindcss published by tailwindlabs. The READM...

AI score 6
Exploits 0 | References 1
Cvelist
added 2026/05/20 2:27 a.m. | 36 views

CVE-2025-15369 Xpro Addons — 140+ Widgets for Elementor <= 1.5.0 - Missing Authorization to Unauthenticated Xpro Template Creation

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getcontenteditor function in all versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to create...

CVSS 5.3 | EPSS 0.00248
Exploits 0 | References 2
EUVD
added 2026/05/20 1:25 a.m. | 5 views

EUVD-2026-31019

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyel_handle_register' function not restricting what user roles a user can register with...

CVSS 9.8 | AI score 5.8 | EPSS 0.00494
Exploits 0 | References 3
CVE
added 2026/05/20 1:25 a.m. | 22 views

CVE-2026-7284

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress (up to version 1.4.4) is affected by unauthenticated privilege escalation. The issue arises from the easyel_handle_register function not restricting the allowed user roles during registration, enabling an attacker t...

CVSS 9.8 | AI score 5.8 | EPSS 0.00494
Exploits 0 | References 3
Positive Technologies
added 2026/05/20 12:0 a.m. | 8 views

PT-2026-42071

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyel_handle_register' function not restricting what user roles a user can register with...

CVSS 9.8 | AI score 5.8 | EPSS 0.00494
Exploits 0 | References 4
OSV
added 2026/05/19 12:0 a.m. | 7 views

ALSA-2026:18479 Important: qemu-kvm security update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shi...

CVSS 8.8 | AI score 5.7 | EPSS 0.00762
Exploits 0 | References 14
Cvelist
added 2026/05/17 12:11 p.m. | 35 views

CVE-2018-25319 Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to extract o...

CVSS 7.1 | EPSS 0.00268
Exploits 0 | References 3
Vulnrichment
added 2026/05/17 12:11 p.m. | 4 views

CVE-2018-25319 Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to extract o...

CVSS 7.1 | AI score 5.9 | EPSS 0.00268
Exploits 0 | References 3
CVE
added 2026/05/17 12:11 p.m. | 12 views

CVE-2018-25319

Vulnerability summary: Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection in the event_add.php flow via the myevents_id parameter. The issue can be exploited by authenticated users sending crafted GET requests to the event_add.php endpoint to influence database queries and potentially extr...

CVSS 7.1 | AI score 5.9 | EPSS 0.00268
Exploits 0 | References 3
CNNVD
added 2026/05/17 12:0 a.m. | 6 views

REDAXO-AddOn: MyEvents SQL Injection Vulnerability

REDAXO-AddOn: MyEvents is a multilingual event management plugin developed by Joachim Wendenburg. Version 2.2.1 of REDAXO-AddOn: MyEvents contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the myevents_id parameter, potentially allowing authenticated...

CVSS 7.1 | AI score 5.9 | EPSS 0.00268
Exploits 0 | References 1
Positive Technologies
added 2026/05/17 12:0 a.m. | 8 views

PT-2026-41545

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to extrac...

CVSS 7.1 | AI score 5.9 | EPSS 0.00268
Exploits 0 | References 4
EUVD
added 2026/05/14 8:24 a.m. | 7 views

EUVD-2026-30261

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletag' parameter in all versions up to, and including, 1.7.1058 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVSS 6.4 | AI score 6 | EPSS 0.00187
Exploits 0 | References 3
CVE
added 2026/05/14 6:44 a.m. | 11 views

CVE-2026-5193

Vulnerability summary (CVE-2026-5193): The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is susceptible to privilege escalation in all versions up to and including 6.5.13. The root cause is insufficient role validation in the register_user function, ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00181
Exploits 0 | References 2
NVD
added 2026/05/13 1:16 p.m. | 4 views

CVE-2026-3425

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter of the 'getcontent' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to include and...

CVSS 8.8 | EPSS 0.00439
Exploits 0 | References 3
GithubExploit
added 2026/05/13 8:27 a.m. | 238 views

Exploit for CVE-2026-29204

CVE-2026-29204 — WHMCS client area addon context PoC Proof-of...

CVSS 9.1 | AI score 6 | EPSS 0.00319
Exploits 1
EUVD
added 2026/05/12 6:30 p.m. | 8 views

EUVD-2026-29551

Insufficient ownership checks in clientarea.php allow an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's resources and their cPanel account...

CVSS 10 | AI score 5.8 | EPSS 0.00319
Exploits 1 | References 2
NVD
added 2026/05/12 6:16 p.m. | 6 views

CVE-2026-29204

Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...

CVSS 9.1 | EPSS 0.00319
Exploits 1 | References 1
CVE
added 2026/05/12 5:46 p.m. | 11 views

CVE-2026-29204

CVE-2026-29204 concerns insufficient ownership checks in the PHP script clientarea.php, enabling an authenticated client to submit requests using another user’s addonId and access the victim’s resources and their cPanel account. The connected documents confirm this is a high-severity issue with e...

CVSS 9.1 | AI score 5.8 | EPSS 0.00319
Exploits 1 | References 1
ATTACKERKB
added 2026/05/12 5:46 p.m. | 6 views

CVE-2026-29204

Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...

CVSS 9.1 | AI score 5.8 | EPSS 0.00319
Exploits 1 | References 3 | Affected Software 1