6562 matches found
CVE-2026-12322
CVE-2026-12322 is a clickjacking vulnerability in the Gtk Widget component affecting Mozilla Firefox and Thunderbird. The issue, described across multiple sources, is due to a UI framing/embedding flaw that could enable deceptive UI interaction. Affected products were updated to mitigate the vuln...
CVE-2026-12322 Clickjacking issue in the Widget: Gtk component
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin
CVE-2026-54420 Mitigation Toolkit !Licensehttps://img.shie...
PT-2026-49691
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Thunderbird versions prior to 152 Description A clickjacking issue exists in the Widget: Gtk component. Clickjacking is a technique where an attacker tricks a user into clicking something different from what the...
Malicious code in twrap-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 174cba09d5ec9724bd55871c7f74c27ff8592bf55c06464204e0591667377259 twraptoolkit/init.py defines getpayload which issues a plaintext HTTP request to http://194.5.152.9:8080/hacks/textwrap-toolkit/textwraptoolkit/init....
EUVD-2025-210161
Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...
CVE-2025-68851
Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...
CVE-2025-68851 WordPress Okay Toolkit plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...
CVE-2025-68851
CVE-2025-68851 refers to the WordPress Okay Toolkit plugin (<= 2.3) and describes an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability was identified by Skalucy. The provided documents do not specify the exact vulnerable input, affected product version(s) be...
PT-2026-49351
Unauthenticated Cross Site Scripting XSS in Okay Toolkit = 2.3 versions...
SUSE CVE-2026-12034
Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Chromium security severity: High...
MAL-2026-5722 Malicious code in textwrap-toolkit-stager (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9fc85924d5672f7c91c2dd5e97c46cc48e3ae48084f906b7b0ba9d606c433fa4 On import textwraptoolkitstager, the package's init.py unconditionally fetches Python source from...
aetherion
/\ | | | | | |...
Malicious code in vite-react-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 879905a93676f42398cca583eb921d5ee04a7c84068d7aa0123a7cefdf26d995 On import/require of vite-react-toolkit, src/features/extras/config.js reached via the package main → createConfig.js → features/plugins.js side-effe...
MAL-2026-5701 Malicious code in vite-react-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 879905a93676f42398cca583eb921d5ee04a7c84068d7aa0123a7cefdf26d995 On import/require of vite-react-toolkit, src/features/extras/config.js reached via the package main → createConfig.js → features/plugins.js side-effe...
Malicious Package
Overview vite-react-toolkit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-47365
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
CVE-2026-47365
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
CVE-2026-47365
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
CVE-2026-47365
CVE-2026-47365 affects WordPress Toolkit (before 6.11.0) as used in cPanel & WHM. An argument injection flaw enables remote authenticated users to bypass cross-tenant authorization and run arbitrary wp-toolkit CLI commands as another account. The description and connected records confirm the affe...