515 matches found
EUVD-2023-38449
Malicious code in bioql PyPI...
CVE-2025-54674
Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through = 1.4.4...
MAL-2025-14141 Malicious code in afisha-ab-configurator (npm)
The package afisha-ab-configurator was found to contain malicious code...
Malicious code in afisha-ab-configurator (npm)
The package afisha-ab-configurator was found to contain malicious code...
CVE-2025-54674
Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through = 1.4.4...
CVE-2025-54674 WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a through 1.4.4...
CVE-2025-54674
CVE-2025-54674 concerns the WordPress plugin Product Configurator for WooCommerce (mklacroix) and is a CSRF vulnerability affecting versions up to and including 1.4.4. The CVE entry is supported by multiple sources noting a CSRF flaw that can be triggered in authenticated user sessions, with CVSS...
CVE-2025-54674 WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through = 1.4.4...
WordPress plugin Product Configurator for WooCommerce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-33227 · WordPress · Staggs Product Configurator For Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Configurator for WooCommerce versions n/a through 1.4.4 Description: The software contains a Cross-Site Request Forgery CSRF flaw. This issue allows attackers to perform actions on behalf of authenticated users without their knowledge...
ai.swim:swim-js (=3.10.0), ai.swim:swim-vm (=3.10.0) +3052 more potentially affected by CVE-2025-50106 via org.graalvm.sdk:graal-sdk (>=19.0.0 <=21.0.0.2)
org.graalvm.sdk:graal-sdk MAVEN version =19.0.0, =0.0.1, =0.1.5, =0.1.5, =0.0.2, =0.0.2, =1.5.1, =1.0.0, =1.0.2, =1.0.0, =1.0.2, =1.0.2, =1.1.4 and more Source cves: CVE-2025-50106 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-11998131...
MAL-2025-5887 Malicious code in agent-configurator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e65ce26b3c1e446de253231422a7c11c3d90e68dcd8caab1efbdba56150e10a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in agent-configurator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e65ce26b3c1e446de253231422a7c11c3d90e68dcd8caab1efbdba56150e10a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in oneapi-environment-configurator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b59cc2d584cc83aeb72d1b1e463e2f4423a81b86d2fa4b7a2bdcf7867bba348 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5713 Malicious code in oneapi-environment-configurator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b59cc2d584cc83aeb72d1b1e463e2f4423a81b86d2fa4b7a2bdcf7867bba348 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vscode-oneapi-environment-configurator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8b4992dcea3340ef6012db58cede2756b194c824f67c49b3ebae3b30a9b946c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in oneapi-analysis-configurator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 62a408f2d5e2b67773b97c7a264f55597c4afd65c8bd0858394b6fbff152ec17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5712 Malicious code in oneapi-analysis-configurator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 62a408f2d5e2b67773b97c7a264f55597c4afd65c8bd0858394b6fbff152ec17 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-51907
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Codemenschen WP Virtual Room Configurator configure-conference-room allows Stored XSS.This issue affects WP Virtual Room Configurator: from n/a through = 1.0.0...
CVE-2023-1893
The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators...