CVE-2025-36418

IBM ApplinX 11.1 is affected by CVE-2025-36418, a privilege-escalation issue caused by improper verification of JWT tokens. This could allow an attacker to craft or modify a JSON Web Token to impersonate another user or elevate privileges. The Red Hat/others mirrors and IBM bulletin confirm the v...

CVE-2025-36418 Multiple vulnerabilities found in IBM ApplinX.

IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges...

CVE-2026-1180

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjwt. The issue allows a client to specify an arbitrary jwksuri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...

EUVD-2026-3507

Malicious code in excel-to-json-test npm...

MAL-2026-360 Malicious code in excel-to-json-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c7026badcf8f0b9dc17b6d25ace35a5659488148496f385d17d4d3d31b036c9 The package excel-to-json-test was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview excel-to-json-test is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2025-14351

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...

MineAdmin improperly refreshes tokens

A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The attack is considered ...

GHSA-43RR-X62X-Q96W MineAdmin improperly refreshes tokens

A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The attack is considered ...

CVE-2025-14351 Custom Fonts – Host Your Fonts Locally <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...

CVE-2025-14351

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...

CVE-2025-14351 Custom Fonts – Host Your Fonts Locally <= 2.1.16 - Missing Authorization to Unauthenticated Font Deletion

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...

CVE-2026-1203

A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication. The attack may be...

CVE-2026-1195

A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The attack is considered ...

CVE-2026-1195

A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The attack is considered ...

CVE-2026-1203 CRMEB JSON Token LoginServices.php remoteRegister improper authentication

A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication. The attack may be...

CVE-2026-1195 MineAdmin JWT Token refresh data authenticity

A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The attack is considered ...

CVE-2026-1195 MineAdmin JWT Token refresh data authenticity

A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The attack is considered ...

CVE-2026-1195

A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the attack remotely. The attack is considered ...

MiracleLinux 9 : thunderbird-128.3.0-1.el9_4.ML.1 (AXSA:2024-8890:22)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8890:22 advisory. thunderbird: 115.16/128.3 firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service CVE-2024-9399 firefox:...