5610 matches found
WordPress CM Header & Footer Script Loader plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin CM Header and Footer versions <= 1.2.0...
firmware_loader: Fix possible resource leak in fw_log_firmware_info()
...
The vulnerability in the module/loaders/loader_ico.c component of the Imlib2 image processing library allows an attacker to cause a service failure.
The vulnerability in the modules/loaders/loader_ico.c component of the Imlib2 image processing library is related to reading data beyond the allowable buffer size. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
Malicious code in bindbc-loader (npm)
Source: ghsa-malware 3969ce36d361753fe46f849a0dba26b4548e7c90bec80c86390c47bb429ec9bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-603 Malicious code in bindbc-loader (npm)
Source: ghsa-malware 3969ce36d361753fe46f849a0dba26b4548e7c90bec80c86390c47bb429ec9bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PYSEC-2025-58
vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function and the weights_only parameter defaults to False. When torch.load loads malicious...
Malicious code in custom-colors-loader (npm)
Source: ghsa-malware 032f8182b803592f8c4bcf04cdc223b43ac526a86a9e8a273bcc8177682b96f6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload,...
Malicious code in vue-loader-vue3 (npm)
Source: ghsa-malware c22e5d514334329c3b75f951d755b2a3ef9e122863f7c437530413cd6c49b986 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-257 Malicious code in vue-loader-vue3 (npm)
Source: ghsa-malware c22e5d514334329c3b75f951d755b2a3ef9e122863f7c437530413cd6c49b986 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the UEFI loader in Howyar Reloader for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the UEFI loader in Howyar Reloader for Windows systems involves loading code without checking its integrity. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Termius security vulnerability
Termius is an SSH client from Termius, Inc. A security vulnerability in Termius versions prior to 9.9.0 allows a local attacker to execute arbitrary code via a specially crafted script in the DYLD_INSERT_LIBRARIES component...
EulerOS 2.0 SP9 : kernel (EulerOS-SA-2025-1040)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (CVE-2024-36017) netfilter: nf_tables: Fix potential data-race in...
CVE-2024-56232
Cross-Site Request Forgery (CSRF) vulnerability in Alex Volkov WP Nice Loader (wp-nice-loader) allows Stored XSS. This issue affects WP Nice Loader: from n/a through <= 0.1.0.4...
CVE-2024-56232
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS. This issue affects WP Nice Loader: from n/a through 0.1.0.4...
CVE-2024-56232
CVE-2024-56232: In WP Nice Loader (WordPress plugin wp-nice-loader), a Cross-Site Request Forgery (CSRF) condition enables Stored XSS. Affected versions are up to and including 0.1.0.4. Public references in RH and WD entries confirm the CSRF-to-Stored XSS behavior, but no fix/version is specifie...
CVE-2024-56232 WordPress WP Nice Loader plugin <= 0.1.0.4 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Alex Volkov WP Nice Loader (wp-nice-loader) allows Stored XSS. This issue affects WP Nice Loader: from n/a through <= 0.1.0.4...
WordPress plugin WP Nice Loader cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site reques...
PT-2024-37073 · Simofa · Simofa
Name of the Vulnerable Software and Affected Versions: Simofa versions prior to 0.2.7. Description: Simofa is a tool to help automate static website building and deployment. Due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require...