Malicious code in iron-menu-behavior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c995f11c44e1f5cd41f7a3c63d4070a2d738168a7fcc5a61f8f9e8ddbd6f00c The package iron-menu-behavior was found to contain malicious code. Source: ghsa-malware...

MAL-2026-1311 Malicious code in iron-menu-behavior (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4c995f11c44e1f5cd41f7a3c63d4070a2d738168a7fcc5a61f8f9e8ddbd6f00c The package iron-menu-behavior was found to contain malicious code. Source: ghsa-malware...

CVE-2018-25187

Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the men...

CVE-2018-25187

Tina4 Stack 1.0.3 is affected by multiple vulnerabilities: an unauthenticated SQL injection and a database file download. The description states attackers can directly request the kim.db file to obtain user credentials and password hashes, and can inject SQL code via the menu endpoint to manipula...

PT-2026-23697

Name of the Vulnerable Software and Affected Versions Tina4 Stack version 1.0.3 Description Tina4 Stack version 1.0.3 has multiple issues that allow unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database...

February 24, 2026—KB5077241 (OS Builds 26200.7922 and 26100.7922) Preview

February 24, 2026—KB5077241 OS Builds 26200.7922 and 26100.7922 Preview ​​​​​This non-security update for Windows 11, version 25H2 and 24H2 KB5077241, improves functionality, performance, and reliability. To learn more about differences between security updates, optional non-security preview...

CVE-2025-68845

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Reflected XSS.This issue affects eDS Responsive Menu: from n/a through = 1.2...

CVE-2025-68845

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Reflected XSS.This issue affects eDS Responsive Menu: from n/a through = 1.2...

CVE-2025-68845 WordPress eDS Responsive Menu plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Reflected XSS.This issue affects eDS Responsive Menu: from n/a through = 1.2...

CVE-2025-68845 WordPress eDS Responsive Menu plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Reflected XSS.This issue affects eDS Responsive Menu: from n/a through = 1.2...

CVE-2025-68845

CVE-2025-68845 corresponds to a Reflected XSS in the WordPress plugin “eDS Responsive Menu” (eds-responsive-menu) by aThemeArt Translations. The vulnerability stems from improper input neutralization during web page generation, allowing reflected cross-site scripting. Affected range: eds-responsi...

WordPress plugin eDS Responsive Menu 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-21107

Name of the Vulnerable Software and Affected Versions aThemeArt Translations eDS Responsive Menu versions through 1.2 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential Reflected Cross-site Scripting XSS conditio...

CVE-2026-1046

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

CVE-2026-1046 Arbitrary application execution via unvalidated server-controlled URLs in Help menu

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

CVE-2026-1046

Mattermost Desktop App versions

CVE-2026-1046 Arbitrary application execution via unvalidated server-controlled URLs in Help menu

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

PT-2026-8342

Name of the Vulnerable Software and Affected Versions Mattermost versions 5.2.13.0 and earlier, versions 6.0 and 6.2.0 and earlier Description The Mattermost Desktop App does not properly validate help links. This allows a malicious Mattermost server to execute arbitrary executables on a user’s...

ARGUS

ARGUS - All-seeing Recon & General Unified Security...

CVE-2026-1910 UpMenu <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'upmenu-menu' Shortcode 'lang' Attribute

The UpMenu – Online ordering for restaurants plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lang' attribute of the 'upmenu-menu' shortcode in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on user supplied...