Malicious code in d3plus-layout (npm)

The package d3plus-layout was found to contain malicious code...

Malicious code in encrypt-layout-helper (npm)

The package encrypt-layout-helper was found to contain malicious code...

Malicious code in respace-ui-layout (npm)

The package respace-ui-layout was found to contain malicious code...

MAL-2025-14076 Malicious code in additor-react-grid-layout (npm)

The package additor-react-grid-layout was found to contain malicious code...

CVE-2025-20148

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to inject arbitrary HTML content into a device-generated document. This vulnerability is due to improper validation of user-supplied data. An...

CVE-2025-20148

CVE-2025-20148 affects Cisco Secure Firewall Management Center (FMC) Web UI. The flaw arises from improper validation of user-supplied data, enabling an authenticated attacker (requires at least a Security Analyst, Read Only) to inject arbitrary HTML into device-generated documents. Consequences ...

DRUPAL-CONTRIB-2025-097

The Layout Builder Advanced Permissions module enables you to have fine grained control over who can do what in editing pages built with Layout Builder. The module doesn't sufficiently control access for adding sections in the submodule. This vulnerability is mitigated by the fact that an attacke...

CVE-2025-6715

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVE-2025-6715

CVE-2025-6715 affects the LatePoint WordPress plugin up to version 5.1.93; it allows unauthenticated Local File Inclusion via the layout parameter, enabling potential execution of PHP code on the server. Red Hat and other sources confirm the issue and indicate a fix is available in version 5.1.94...

CVE-2025-6715 Latepoint < 5.1.94 - Unauthenticated LFI

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVE-2025-6715 Latepoint < 5.1.94 - Unauthenticated LFI

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097

The Layout Builder Advanced Permissions module enables you to have fine grained control over who can do what in editing pages built with Layout Builder. The module doesn't sufficiently control access for adding sections in the submodule. This vulnerability is mitigated by the fact that an attacke...

PT-2025-32966 · WordPress · Latepoint Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: LatePoint WordPress plugin versions prior to 5.1.94 Description: The LatePoint WordPress plugin is susceptible to a Local File Inclusion issue via the layout parameter. This allows attackers to include and execute PHP files on the server,...

VulnCheck KEV: CVE-2025-6715

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

Drupal Layout Builder Advanced Permissions module < 2.2.1 - Authenticated Broken Access Control vulnerability

Authenticated Broken Access Control vulnerability discovered by Eelke Blok eelkeblok in WordPress Module Layout Builder Advanced Permissions versions 2.2.1...

BIT-LIBPHP-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

Malicious code in isotopet4s-layout (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 89341dbe7c72a6b4924313c2697d976b5570b3c9056de1b6ebf35ad41337387d The OpenSSF Package Analysis project identified 'isotopet4s-layout' @...

MAL-2025-6842 Malicious code in isotopet4s-layout (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 89341dbe7c72a6b4924313c2697d976b5570b3c9056de1b6ebf35ad41337387d The OpenSSF Package Analysis project identified 'isotopet4s-layout' @...

Linux Distros Unpatched Vulnerability : CVE-2024-44959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracefs: Use generic inode RCU for synchronizing freeing With structure layout randomization...

Linux Distros Unpatched Vulnerability : CVE-2025-38393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFSLAYOUTDRAIN We found a few different systems hung up in...