2112 matches found
CVE-2026-57734
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through = 5.4.3...
CVE-2026-57734 WordPress tagDiv Composer plugin <= 5.4.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from n/a through = 5.4.3...
CVE-2026-57734
The CVE concerns WordPress tagDiv Composer (td-composer). Affected: tagDiv Composer
tagDiv Composer < 4.2 - Stored Cross-Site Scripting
tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...
Nette Framework - Remote Code Execution
Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...
WordPress tagDiv Composer < 3.5 - Authentication Bypass
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address id:...
[SECURITY] Fedora 44 Update: composer-2.10.2-1.fc44
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...
[SECURITY] Fedora 43 Update: composer-2.10.2-1.fc43
Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...
EUVD-2026-43092
vulnerability in Drupal Composer allows . This issue affects Composer versions:...
CVE-2026-11914
vulnerability in Drupal Composer allows . This issue affects Composer versions:...
CVE-2026-11914
vulnerability in Drupal Composer allows . This issue affects Composer versions:...
CVE-2026-11914 Composer - Critical - Unsupported - SA-CONTRIB-2026-046
vulnerability in Drupal Composer allows . This issue affects Composer versions:...
CVE-2026-59947
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...
CVE-2026-59946
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...
CVE-2026-59948
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...
CVE-2026-59947 Composer: URL-embedded HTTP-Basic username leaks to verbose logs (GitHub PAT exposure)
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...
CVE-2026-59947
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...
CVE-2026-59947
Composer is affected: prior to versions 2.2.29 and 2.10.2, running with -vvv could leak credentials embedded in the username slot of a repository or package URL (e.g., https://TOKEN@host/) to debug logs because AuthHelper, Url::sanitize, and ProcessExecutor did not sanitize username-only URL cred...
CVE-2026-59948 Composer: Arbitrary file write outside vendor via malicious transitive package name
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...
CVE-2026-59948
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously crafted package from an untrusted repository other than Packagist.org or Private Packagist can cause Composer to write attacker-controlled files outside the vendor directory and outside the project...