MAL-2026-165 Malicious code in @kyriba/mf-kit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa1b2dd3479a677d975d11f8fe29e2cb24cbcc3a90c05081fa1632822c7c2f5a The package @kyriba/mf-kit was found to contain malicious code. Source: ghsa-malware 5316d385b586e69d62f54165ad5c9a973bf0bdfc3ef7023a0f7f53c784bb7131...

CVE-2025-14275

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-69336

Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through = 2.9.4...

CVE-2025-14275 Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-14275 Jeg Elementor Kit <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-14275

CVE-2025-14275 affects Jeg Elementor Kit (WordPress) up to version 3.0.1 via Stored XSS in the countdown widget redirects. Authenticated attackers with Contributor+ can inject JavaScript that runs when an admin/user views the page containing the malicious countdown. CVSS 3.1 base score 6.4 (Netwo...

EUVD-2026-1595

The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's redirect functionality. This makes it possible for authenticated attackers, with Contributor-level...

PT-2026-1733

Name of the Vulnerable Software and Affected Versions Jeg Elementor Kit versions up to and including 3.0.1 Description The Jeg Elementor Kit plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization within the countdown widget’s redirect functionality...

WordPress plugin Jeg Elementor Kit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin Speed Kit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2026-2189

Name of the Vulnerable Software and Affected Versions baqend Speed Kit versions through 2.0.2 Description A missing authorization issue exists in baqend Speed Kit due to incorrectly configured access control security levels. The issue allows exploitation of these levels. Recommendations Update to...

Moderate Photon OS Security Update - PHSA-2026-4.0-0942

Updates of 'aws-sdk-cpp', 'rubygem-aws-sdk-s3' packages of Photon OS have been released...

@conglomerate/weaver (>=2.1.1 <=2.6.1), @derivative/derive (>=0.1.0 <=0.1.1) +10 more potentially affected by CVE-2025-69263 via pnpm (>=0.21.0 <=10.18.3)

pnpm NPM version =0.21.0, =2.1.1, =0.1.0, =0.1.0, =3.7.16, =2.3.0, =0.1.0, =0.2.7, =1.0.4, =1.0.7 Source cves: CVE-2025-69263 Source advisory: OSV:GHSA-7VHP-VF5G-R2FW...

WordPress Jeg Elementor Kit plugin <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions = 3.0.1...

CVE-2019-16263

The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an...

CVE-2019-16518

An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy BLE packets that specify large power or voltage values...

CVE-2024-2334

The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with autho...

WordPress Speed Kit plugin <= 2.0.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Speed Kit versions = 2.0.2...

CVE-2025-69336

Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through = 2.9.4...

CVE-2025-69336 WordPress Ultimate Store Kit Elementor Addons plugin <= 2.9.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Store Kit Elementor Addons: from n/a through = 2.9.4...