92 matches found
CVE-2026-10077 YOOtheme Pro < 5.0.35 - Author+ Stored XSS via UIkit Data Attributes
The yootheme WordPress theme before 5.0.35 does not prevent its bundled front-end framework from treating certain HTML attributes, which are permitted by wpksespost, as markup, allowing users with the Author role to perform Stored Cross-Site Scripting attacks that execute in the browser of any us...
CVE-2026-10077
The affected product is the YOOtheme WordPress theme (prior to 5.0.35). The issue arises in the bundled front-end framework that can treat certain HTML attributes, allowed by wp_kses_post(), as markup, enabling Stored XSS when a user with the Author role views a post. The root cause is improper h...
PT-2026-27611
Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.4 iPadOS versions prior to 26.4 Description A security issue exists where an attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps wi...
Malicious code in @storylane/uikit (npm)
The package '@storylane/uikit' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious Package
Overview uq-global-ec-uikit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2026-3510
Malicious code in gu-global-ec-uikit npm...
EUVD-2026-3506
Malicious code in shared-global-ec-uikit npm...
EUVD-2026-3509
Malicious code in pl-global-ec-uikit npm...
Malicious Package
Overview pl-global-ec-uikit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in gu-global-ec-uikit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af8b504bec83c372b24f21eb2b83e6a5ec1ceceef82ba4b57dc401e1ab44f9a4 The package gu-global-ec-uikit was found to contain malicious code. Source: ghsa-malware...
Malicious code in uq-global-ec-uikit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aff150b2aef330176090006c8f217913a40ee17728ec4c821c5c3310624bb0ba The package uq-global-ec-uikit was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-3505
Malicious code in uq-global-ec-uikit npm...
Malicious Package
Overview shared-global-ec-uikit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
MAL-2026-363 Malicious code in pl-global-ec-uikit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 327cc69fee3f2500a3cf23d3c917935d3d7db124d0b7f3c136fead2f1d69f093 The package pl-global-ec-uikit was found to contain malicious code. Source: ghsa-malware...
Malicious code in pl-global-ec-uikit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 327cc69fee3f2500a3cf23d3c917935d3d7db124d0b7f3c136fead2f1d69f093 The package pl-global-ec-uikit was found to contain malicious code. Source: ghsa-malware...
Malicious code in shared-global-ec-uikit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ac32ab19d7e9c15b0c6a69dafe143c75cab5612b903293c16865f371b8a00a7 The package shared-global-ec-uikit was found to contain malicious code. Source: ghsa-malware...
MAL-2026-361 Malicious code in gu-global-ec-uikit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af8b504bec83c372b24f21eb2b83e6a5ec1ceceef82ba4b57dc401e1ab44f9a4 The package gu-global-ec-uikit was found to contain malicious code. Source: ghsa-malware...
MAL-2026-364 Malicious code in shared-global-ec-uikit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ac32ab19d7e9c15b0c6a69dafe143c75cab5612b903293c16865f371b8a00a7 The package shared-global-ec-uikit was found to contain malicious code. Source: ghsa-malware...
MAL-2026-367 Malicious code in uq-global-ec-uikit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aff150b2aef330176090006c8f217913a40ee17728ec4c821c5c3310624bb0ba The package uq-global-ec-uikit was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-3104
Malicious code in @wb-team/uikit-myteam-web npm...