
32 matches found

OSSF Malicious Packages
added 2026/04/23 4:42 a.m. · 3 views

Malicious code in json-spacer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49ca906e0f0d7b5884d939ad398cc8367cad887c10533eb833b6f043e5368bfd The package json-spacer was found to contain malicious code. Source: ghsa-malware 04db81abcbf28276b2cb30a860e8decbc485699a1db9ea9557e0595e5f86be82 An...

AI score: 5.7
Exploits: 0 · References: 1

OSV
added 2026/04/23 4:42 a.m. · 0 views

MAL-2026-3008 Malicious code in json-spacer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 49ca906e0f0d7b5884d939ad398cc8367cad887c10533eb833b6f043e5368bfd The package json-spacer was found to contain malicious code. Source: ghsa-malware 04db81abcbf28276b2cb30a860e8decbc485699a1db9ea9557e0595e5f86be82 An...

AI score: 5.7
Exploits: 0 · References: 1

Snyk
added 2026/04/23 4:42 a.m. · 2 views

Malicious Package

Overview: json-spacer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

CVSS: 9.8 · AI score: 5.4
Exploits: 0 · References: 2

RedhatCVE
added 2026/03/27 5:9 p.m. · 4 views

CVE-2026-33438

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have a Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionality (/api/v1/security/add-watermark endpoint). The vulnerabilit...

CVSS: 6.5 · AI score: 5.9 · EPSS: 0.00021
Exploits: 1 · References: 1

NVD
added 2026/03/26 5:16 p.m. · 3 views

CVE-2026-33438

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have a Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionality (/api/v1/security/add-watermark endpoint). The vulnerabilit...

CVSS: 6.5 · EPSS: 0.00021
Exploits: 1 · References: 1

EUVD
added 2026/03/26 4:58 p.m. · 2 views

EUVD-2026-16262

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have a Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionality (/api/v1/security/add-watermark endpoint). The vulnerabilit...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00021
Exploits: 1 · References: 1

CVE
added 2026/03/26 4:58 p.m. · 9 views

CVE-2026-33438

Stirling-PDF is affected by a Denial of Service (DoS) vulnerability in the watermark endpoint. Affected versions are 2.1.5 through 2.5.1 (prior to 2.5.2). An authenticated user can trigger resource exhaustion and server crashes by sending extreme values for fontSize and widthSpacer to /api/v1/sec...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00021
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2026/03/26 4:58 p.m. · 18 views

CVE-2026-33438 Stirling-PDF vulnerable to DoS via add-watermark

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have a Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionality (/api/v1/security/add-watermark endpoint). The vulnerabilit...

CVSS: 6.5 · EPSS: 0.00021
Exploits: 1 · References: 1

OSV
added 2026/03/26 4:58 p.m. · 3 views

CVE-2026-33438 Stirling-PDF vulnerable to DoS via add-watermark

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have a Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionality (/api/v1/security/add-watermark endpoint). The vulnerabilit...

CVSS: 6.5 · AI score: 5.9 · EPSS: 0.00021
Exploits: 1 · References: 3

Positive Technologies
added 2026/03/26 12:0 a.m. · 3 views

PT-2026-28483

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions 2.1.5 through 2.5.1 Description: Stirling-PDF is a locally hosted web application for PDF file operations. An authenticated user can trigger a Denial of Service (DoS) condition by submitting extreme values for the fontSize a...

CVSS: 6.5 · AI score: 5.9 · EPSS: 0.00021
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-33585

Malicious code in bioql PyPI...

CVSS: 3.1 · AI score: 8.7 · EPSS: 0.00207
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 8:21 a.m. · 1 views

CVE-2024-10527

The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view...

CVSS: 3.1 · AI score: 5 · EPSS: 0.00207
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 10:7 p.m. · 2 views

CVE-2022-3618

The Spacer WordPress plugin before 3.0.7 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example, in multisite setup...

CVSS: 4.8 · AI score: 5.9 · EPSS: 0.00218
Exploits: 2

OSV
added 2025/01/22 4:15 a.m. · 0 views

CVE-2024-13590

The Ketchup Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS: 5.4 · AI score: 7.4 · EPSS: 0.00193
Exploits: 0 · References: 2

Positive Technologies
added 2025/01/22 12:0 a.m. · 1 views

PT-2025-2225 · WordPress · Ketchup Shortcodes

Name of the Vulnerable Software and Affected Versions: Ketchup Shortcodes plugin for WordPress versions up to, and including, 0.1.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spacer' shortcode due to insufficient input sanitization and output escaping on...

CVSS: 6.4 · AI score: 6.2 · EPSS: 0.00193
Exploits: 0 · References: 8

NVD
added 2025/01/07 5:15 a.m. · 5 views

CVE-2024-10527

The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view...

CVSS: 3.1 · EPSS: 0.00207
Exploits: 0 · References: 2

Cvelist
added 2025/01/07 4:21 a.m. · 11 views

CVE-2024-10527 Spacer <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Limited Information Disclosure

The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view...

CVSS: 3.1 · EPSS: 0.00207
Exploits: 0 · References: 2

Vulnrichment
added 2025/01/07 4:21 a.m. · 6 views

CVE-2024-10527 Spacer <= 3.0.7 - Missing Authorization to Authenticated (Subscriber+) Limited Information Disclosure

The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view...

CVSS: 3.1 · AI score: 3.6 · EPSS: 0.00207
Exploits: 0 · References: 2

AlpineLinux
added 2025/01/07 4:21 a.m. · 2 views

CVE-2024-10527

The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view...

CVSS: 3.1 · AI score: 6.1 · EPSS: 0.00207
Exploits: 0 · References: 2

CVE
added 2025/01/07 4:21 a.m. · 40 views

CVE-2024-10527

CVE-2024-10527 affects the Spacer WordPress plugin. The vulnerability results from a missing capability check in the motech_spacer_callback() function across all versions up to and including 3.0.7. This allows authenticated users with Subscriber-level access and above to view limited settings inf...

CVSS: 3.1 · AI score: 3.6 · EPSS: 0.00207
Exploits: 0 · References: 2