PT-2025-30061
Name of the Vulnerable Software and Affected Versions: form-data versions 2.5.4; form-data versions 3.0.0 through 3.0.3; form-data versions 4.0.0 through 4.0.3. Description: A vulnerability exists in the form-data JavaScript library due to the use of insufficiently random values when generating bounda...
CVE-2025-53569
Cross-Site Request Forgery (CSRF) vulnerability in Trust Payments Trust Payments Gateway for WooCommerce JavaScript Library trust-payments-gateway-3ds2 allows Cross Site Request Forgery. This issue affects Trust Payments Gateway for WooCommerce JavaScript Library: from n/a through <= 1.3.6...
CVE-2025-2537
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library version 3.1 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-53569 WordPress Trust Payments Gateway for WooCommerce (JavaScript Library) plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Trust Payments Trust Payments Gateway for WooCommerce JavaScript Library trust-payments-gateway-3ds2 allows Cross Site Request Forgery. This issue affects Trust Payments Gateway for WooCommerce JavaScript Library: from n/a through <= 1.3.6...
CVE-2025-53569
CVE-2025-53569 covers a CSRF vulnerability in the Trust Payments Gateway for WooCommerce (JavaScript Library). The issue affects the plugin’s JavaScript library up to and including version 1.3.6. The connected sources consistently describe CSRF as the flaw, with no explicit exploit details provid...
WordPress plugin Trust Payments Gateway for WooCommerce (JavaScript Library) Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Magnific Popups JavaScript Library < 1.2.0 - Contributor+ Stored XSS
Description: Multiple plugins are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
GHSA-994J-5C83-R424 string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)
string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input...
CVE-2025-45526
A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content it processes in HTML elements with the microlight class. When excessively large content e.g., 100...
Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat
By Trellix · June 18, 2025. This blog was also written by Trishaan Kalra. Introduction: What happens when a trusted open source library becomes a conduit for stealthy malware delivery? That question became reality when the...
GHSA-WGC6-9F6W-H8HX Withdrawn Advisory: microlight allows a denial of service
Withdrawn Advisory: This advisory has been withdrawn because the proof of concept does not demonstrate a practical security impact. This link is maintained to preserve external references. Original Description: A denial of service (DoS) vulnerability has been identified in the JavaScript library...
CVE-2025-45526
The CVE-2025-45526 entry concerns microlight v0.0.7, where the reset function in microlight.js can consume excessive memory/CPU when processing extremely large content in elements with the microlight class. This can lead to browser crashes or unresponsiveness, effectively a DoS, with exploitation...
brace-expansion Security Vulnerability
brace-expansion is a JavaScript brace expansion library by the individual developer Julian Gruber. A security vulnerability exists in brace-expansion version 1.1.11 and earlier, which stems from an inefficient regular expression complexity in the function expand...
CVE-2025-48370
auth-js is an isomorphic JavaScript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user-supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...
CVE-2024-38989
izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
CVE-2021-41167
modern-async is an open source JavaScript tooling library for asynchronous operations using async/await and promises. In affected versions a bug affects two of the functions in this library: forEachSeries and forEachLimit. They should limit the concurrency of some actions but, in practice, they...
Malicious code in js-lib-const (npm)
Source: ghsa-malware (02a729f8e6b9c15dea0d5d98728a6fa1585580d7c06587bd998cfb8e8a17760b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...