5824 matches found
WordPress plugin MaxCube 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress plugin Harper 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress plugin EasyEat 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
WordPress plugin Militarology 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
Malicious Package
Overview twilio-voice-react-native-reference-server is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
WordPress plugin Hub Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview next is a react framework. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere. An attacker can access the source code of any Server Function by sending a malicious HTTP request to a vulnerable Server Function...
Malicious code in jsonschema-utf8 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 61bf4fa82a7c398e580d547d641bc19e3b16ba446191da04f39dcf9cf9a41eab Package clones a popular package loguru, jsonschema, .... While it claims to have some additional features, the real change is an added compiled native library...
MAL-2025-192436 Malicious code in jsonschema-utf8 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 61bf4fa82a7c398e580d547d641bc19e3b16ba446191da04f39dcf9cf9a41eab Package clones a popular package loguru, jsonschema, .... While it claims to have some additional features, the real change is an added compiled native library...
Malicious code in loguru-utf8 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e20933ac001bbe12fd7962f9e12208f3224c836f3deba7669a649165232e0b78 Package clones a popular package loguru, jsonschema, .... While it claims to have some additional features, the real change is an added compiled native library...
MAL-2025-192435 Malicious code in loguru-utf8 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e20933ac001bbe12fd7962f9e12208f3224c836f3deba7669a649165232e0b78 Package clones a popular package loguru, jsonschema, .... While it claims to have some additional features, the real change is an added compiled native library...
Malicious Package
Overview native-component-list is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Gogs 安全漏洞
Gogs Go Git Service is a self-service Git hosting service based on the Go language by the Gogs team, which supports creating and migrating public/private repositories, adding and removing repository collaborators, and so on. A security vulnerability exists in Gogs, which stems from the mishandlin...
WordPress plugin Select Core 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin Fashion 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
HummerCloud HummerRisk 安全漏洞
HummerCloud HummerRisk is an open source cloud-native security platform from China's HummerCloud, which solves security and governance issues in cloud-native environments in a non-intrusive way, with core capabilities including security governance for hybrid clouds and cloud-native security...
Malicious code in native-component-list (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a5b5fc0df7145b301573dc029802ddf1c8f351945d0877d43e499a34192673f The package native-component-list was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-201471
Malicious code in native-component-list npm...
MAL-2025-192345 Malicious code in native-component-list (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a5b5fc0df7145b301573dc029802ddf1c8f351945d0877d43e499a34192673f The package native-component-list was found to contain malicious code. Source: ghsa-malware...
GHSA-CMP6-M4WJ-Q63Q yawkat LZ4 Java has a possible information leak in Java safe decompressor
Summary Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lea...