DRUPAL-CONTRIB-2026-004

This module integrates the AT Internet Piano Analytics service. The module does not filter administrator-entered text leading to a persistent Cross-site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...

PT-2026-2969

This module integrates the AT Internet Piano Analytics service. The module does not filter administrator-entered text leading to a persistent Cross-site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...

AT Internet Piano Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-004

This module integrates the AT Internet Piano Analytics service. The module does not filter administrator-entered text leading to a persistent Cross-site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...

PT-2026-2980

Name of the Vulnerable Software and Affected Versions Drupal AT Internet Piano Analytics versions 0.0.0 through 1.0.0 Drupal AT Internet Piano Analytics versions 2.0.0 through 2.3.0 Description The AT Internet Piano Analytics module for Drupal contains a Cross-Site Scripting XSS issue. The module...

CVE-2025-15057

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fh fingerprint parameter in all versions up to, and including, 5.3.3. This is due to insufficient input sanitization and output escaping on the fingerprint value stored in the database. This makes it...

Security Bulletin: Due to use of Apache Commons Text, IBM Operations Analytics - Log Analysis is affected by Remote Code Execution Attacks

Summary Apache Commons Text in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the string manipulation and interpolation. CVE-2025-46295. Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included interpolation features...

EUVD-2026-1984

Malicious code in analytics-browser npm...

Malicious Package

Overview analytics-browser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in analytics-browser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d14b7ad7441a8663be12ffffb8132ef2a0b0124006d5df1b3448d6f722e4f808 The package analytics-browser was found to contain malicious code. Source: ghsa-malware...

MAL-2026-214 Malicious code in analytics-browser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d14b7ad7441a8663be12ffffb8132ef2a0b0124006d5df1b3448d6f722e4f808 The package analytics-browser was found to contain malicious code. Source: ghsa-malware...

CVE-2026-22517

Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through = 2.10.0...

Behavioral Analytics for Continuous Insider Threat Detection in Zero-Trust Architectures

Insider threats are a particularly tricky cybersecurity issue, especially in zero-trust architectures ZTA where implicit trust is removed. Although the rule of thumb is never trust, always verify, attackers can still use legitimate credentials and impersonate the standard user activity. In...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Denial-of-Service (DoS) due to use of jose4j library

Summary jose.4.j library in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the secure token-based authentication and encryption mechanisms. CVE-2024-29371. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.5, an attacker can cause a...

CVE-2023-40658

A reflected XSS vulnerability was discovered in the Clicky Analytics Dashboard module for Joomla...

CVE-2018-4397

Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS...

CVE-2021-22020

The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server...

CVE-2021-22005

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file...

CVE-2016-10912

The universal-analytics plugin before 1.3.1 for WordPress has XSS...

CVE-2022-23683

Authenticated command injection vulnerabilities exist in the AOS-CX Network Analytics Engine via NAE scripts. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system, leading to a complete...

CVE-2017-18556

The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues...