CVE-2026-45323

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...

CVE-2026-45323

Summary: CVE-2026-45323 affects MeshCore Card for Home Assistant. Before version 0.3.3, node names in the meshcore-card were rendered without HTML escaping, enabling an attacker within direct or indirect (repeated) radio range to inject arbitrary JavaScript in the Home Assistant frontend of any v...

CVE-2026-45323

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...

PT-2026-44460

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...

WordPress Login with NEAR plugin <= 0.3.3 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by g0wthr in WordPress Plugin Login with NEAR versions = 0.3.3...

CVE-2026-8994

The Login with NEAR plugin for WordPress up to version 0.3.3 is vulnerable to authentication bypass. The ajaxLoginWithNear() function, exposed as wp_ajax_nopriv, accepts an attacker-controlled account POST parameter and authenticates a user based solely on a substring check for .near, with no non...

OpenViking 安全漏洞

OpenViking is an open-source artificial intelligence agent-based context database developed by Volcengine. Versions of OpenViking prior to 0.3.3 contained security vulnerabilities. These vulnerabilities stemmed from lack of authorization, which could allow unauthorized attackers to enumerate or...

CVE-2025-15129

A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be execute...

EUVD-2021-1553

Malware in sbrugna...

EUVD-2018-1899

Malware in sbrugna...

EUVD-2019-5052

Malware in sbrugna...

EUVD-2025-25336

Malicious code in bioql PyPI...

EUVD-2025-28053

Malicious code in bioql PyPI...

EUVD-2025-29241

Malicious code in bioql PyPI...

CVE-2025-10772

A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robotdevices/robots/lekiwiremote.py of the component ZeroMQ Socket Handler. The manipulation leads to missing authentication. The attack can onl...

CVE-2025-10772

A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robotdevices/robots/lekiwiremote.py of the component ZeroMQ Socket Handler. The manipulation leads to missing authentication. The attack can onl...

PT-2025-38670

Name of the Vulnerable Software and Affected Versions huggingface LeRobot versions up to 0.3.3 Description A vulnerability exists in huggingface LeRobot up to version 0.3.3 related to missing authentication within the ZeroMQ Socket Handler functionality of the file lerobot/common/robot...

node-is-arrayish 安全漏洞

node-is-arrayish is a codebase by Josh Junon Personal Developer. A security vulnerability exists in node-is-arrayish version 0.3.3, which stems from a phishing attack resulting in an account takeover, where implanted malicious code may redirect cryptocurrency transactions in the browser environme...

PT-2025-37749

Name of the Vulnerable Software and Affected Versions: is-arrayish versions prior to 0.3.4 Description: The is-arrayish package was compromised through a phishing attack on an npm publishing account. Version 0.3.3 was published with a malware payload designed to redirect cryptocurrency transactio...

CVE-2025-48169

Improper Control of Generation of Code 'Code Injection' vulnerability in Jordy Meow Code Engine code-engine allows Remote Code Inclusion.This issue affects Code Engine: from n/a through = 0.3.3...