26 matches found
CVE-2026-3772
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...
CVE-2026-3772
The CVE-2026-3772 entry concerns the WP Editor WordPress plugin. A CSRF vulnerability exists in all versions up to and including 1.2.9.2 due to missing nonce verification in the add_plugins_page and add_themes_page functions. This can allow unauthenticated attackers to overwrite arbitrary plugin ...
CVE-2026-28427
OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does not properly sanitize path components. By including ../ sequences in the request path, an attacker can traverse outside the intended...
PT-2026-23044
Name of the Vulnerable Software and Affected Versions OpenDeck versions prior to 2.8.1 Description OpenDeck is Linux software for the Elgato Stream Deck. The service listening on port 57118 serves static files for installed plugins without proper path sanitization. An attacker can use '../'...
CVE-2026-26974
Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from nodemodules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...
CVE-2026-26974
Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from nodemodules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...
CVE-2026-26974 Sylde has Improper Control of Generation of Code
Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from nodemodules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...
CVE-2026-26974 Sylde has Improper Control of Generation of Code
Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from nodemodules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...
CVE-2026-26974 Sylde has Improper Control of Generation of Code
Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from nodemodules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...
CVE-2026-26974
Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from nodemodules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...
PT-2026-4737
Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...
EUVD-2015-7455
Malware in sbrugna...
Malicious code in avalon-plugin-files (npm)
The package avalon-plugin-files was found to contain malicious code...
MAL-2025-15180 Malicious code in avalon-plugin-files (npm)
The package avalon-plugin-files was found to contain malicious code...
CVE-2025-47787
Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation...
Helm's Missing YAML Content Leads To Panic
A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. Impact When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would occur in Helm. In the Helm SDK this is found when...
MilleGPG5 5.9.2 Local Privilege Escalation
Exploit Title: MilleGPG5 5.9.2 Gennaio 2023 - Local Privilege Escalation / Incorrect Access Control Date: 2023-04-28 Exploit Author: Andrea Intilangelo Vendor Homepage: https://millegpg.it/ Software Homepage: https://millegpg.it - https://millewin.it/prodotti/governo-clinico-3/ Software Link:...
CVE-2022-38123
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0...
Input validation
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0...
CVE-2022-38123 Insufficient validation of plugin files
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0...