240 matches found
EUVD-2026-35300
The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...
CVE-2026-8940
The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...
EUVD-2026-34321
NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...
Malicious Package
Overview okx-nav is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in okx-nav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ab3eb270d52d290185b24d8da75ec720b1c6d2403eb5bfeee0127d98edff14f The package okx-nav was found to contain malicious code. Source: ghsa-malware 3961b5dc52e388cd7ea999f85a4541bfc0e083e63afad50184fea746d70d275d Any...
MAL-2026-2648 Malicious code in okx-nav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6ab3eb270d52d290185b24d8da75ec720b1c6d2403eb5bfeee0127d98edff14f The package okx-nav was found to contain malicious code. Source: ghsa-malware 3961b5dc52e388cd7ea999f85a4541bfc0e083e63afad50184fea746d70d275d Any...
CVE-2026-35571
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript:...
Malicious code in soft-nav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fcb60176234c23b5621ba75433f01363353d1663b1c03a19192296dd09fd913 The package soft-nav was found to contain malicious code...
MAL-2026-1852 Malicious code in soft-nav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fcb60176234c23b5621ba75433f01363353d1663b1c03a19192296dd09fd913 The package soft-nav was found to contain malicious code...
CVE-2025-54519
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
CVE-2025-54519
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
CVE-2025-54519
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
CVE-2025-54519
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
CVE-2025-54519
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
PT-2026-7878
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...
MAL-2026-615 Malicious code in teaser-nav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebbd539070b3d1fb400c41280034565422204c7bf4047b965f596d56245c345e The package teaser-nav was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in teaser-nav (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ebbd539070b3d1fb400c41280034565422204c7bf4047b965f596d56245c345e The package teaser-nav was found to contain malicious code. Source: ossf-package-analysis...
PT-2026-5502
The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc ajax WPBC FLEXTIMELINE NAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking...
Malicious Package
Overview insightvm-ui-nav-menus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
EUVD-2026-3070
Malicious code in insightvm-ui-nav-menus npm...