Malicious Package

Overview tailwindcss-animation-modern is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in tailwindcss-animation-modern (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6fbd472c63dae399a454decb6c6c097b7ae23766e0962ec081f0ad685ea451 The package tailwindcss-animation-modern was found to contain malicious code. Source: ghsa-malware...

MAL-2026-754 Malicious code in tailwindcss-animation-modern (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c6fbd472c63dae399a454decb6c6c097b7ae23766e0962ec081f0ad685ea451 The package tailwindcss-animation-modern was found to contain malicious code. Source: ghsa-malware...

WordPress Enter Addons plugin <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Animation Title widget img tag vulnerability discovered by Sebastião Gavião Sebastgav - Gavsec in WordPress Plugin Enter Addons versions = 2.1.5...

WordPress Elementor Addon Elements plugin <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via id and eaeslideranimation Parameters vulnerability discovered by stealthcopter in WordPress Plugin Elementor Addon Elements versions = 1.13.5...

WordPress Confetti Fall Animation plugin <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via confetti-fall-animation Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via confetti-fall-animation Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Confetti Fall Animation versions = 1.3.1...

WordPress ConvertForce Popup Builder plugin <= 0.0.7 - Stored Cross-Site Scripting via entrance_animation vulnerability

Stored Cross-Site Scripting via entranceanimation vulnerability discovered by WordFence in WordPress Plugin ConvertForce Popup Builder versions = 0.0.7...

Malicious Package

Overview @douinfe/semi-animation-styled is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

MiracleLinux 9 : firefox-128.3.1-2.el9_4.ML.1 (AXSA:2024-8908:34)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8908:34 advisory. firefox: Use-after-free in Animation timeline 128.3.1 ESR Chemspill CVE-2024-9680 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : firefox-128.3.1-2.el8_10.ML.1 (AXSA:2024-8909:35)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8909:35 advisory. firefox: Use-after-free in Animation timeline 128.3.1 ESR Chemspill CVE-2024-9680 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : thunderbird-128.3.1-1.el8_10.ML.1 (AXSA:2024-8910:25)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8910:25 advisory. firefox: Use-after-free in Animation timeline 128.3.1 ESR Chemspill CVE-2024-9680 Tenable has extracted the preceding description block directly from the...

CVE-2025-14506

The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's entranceanimation attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-14506 ConvertForce Popup Builder <= 0.0.7 - Stored Cross-Site Scripting via entrance_animation

The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's entranceanimation attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-14506 ConvertForce Popup Builder <= 0.0.7 - Stored Cross-Site Scripting via entrance_animation

The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's entranceanimation attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-14506

CVE-2025-14506 affects the WordPress plugin ConvertForce Popup Builder (versions up to 0.0.7). The issue is Stored Cross-Site Scripting via the Gutenberg block’s entrance_animation attribute caused by insufficient input sanitization and output escaping. The vulnerability can be exploited by authe...

EUVD-2026-1848

The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's entranceanimation attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. This makes it possible for...

PT-2026-1744

Name of the Vulnerable Software and Affected Versions ConvertForce Popup Builder plugin for WordPress versions up to and including 0.0.7 Description The ConvertForce Popup Builder plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from inadequate input sanitizatio...

CVE-2008-7148

Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbitrary code via a crafted .sif file...

CVE-2011-0501

Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in a .mamx file...

CVE-2025-23948

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Webarea Background animation blocks background-animation-blocks allows PHP Local File Inclusion.This issue affects Background animation blocks: from n/a through = 2.1.5...