Lucene search

16 matches found

OSSF Malicious Packages
added 5 days ago · 11 views

Malicious code in js-shared-modules (npm)

Source: ossf-package-analysis adff3edac3c3ba1c04ba273f77d51c95d153b4e027ec4809b3d2f3c74a712a92. The OpenSSF Package Analysis project identified 'js-shared-modules' @ 1.11.7 (npm) as malicious. It is considered malicious because: - The package...

AI score 5.8
Exploits: 0

OSV
added 5 days ago · 3 views

MAL-2026-5098 Malicious code in js-shared-modules (npm)

Source: ossf-package-analysis adff3edac3c3ba1c04ba273f77d51c95d153b4e027ec4809b3d2f3c74a712a92. The OpenSSF Package Analysis project identified 'js-shared-modules' @ 1.11.7 (npm) as malicious. It is considered malicious because: - The package...

AI score 5.8
Exploits: 0

OSV
added last week · 6 views

GHSA-49PM-43HF-6XFQ IPAM controller service account granted unnecessary full access to Secrets

Impact: IPAM is the IP Address Manager for Cluster API Provider Metal3. The IPAM controller's ClusterRole granted full CRUD permissions (create, delete, get, list, patch, update, watch) on core/v1 Secrets. The controller never accesses Secrets during normal operation. If the controller pod were...

CVSS 4.4 · AI score 5.8
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2025-7797

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.5 · EPSS 0.00593
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 8:12 a.m. · 3 views

CVE-2024-54206

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in URBAN BASE Z-Downloads z-downloads allows Stored XSS. This issue affects Z-Downloads: from n/a through = 1.11.7...

CVSS 5.9 · AI score 7.2 · EPSS 0.00161
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 2:02 a.m. · 4 views

CVE-2023-33926

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin = 1.11.7 versions...

CVSS 8.8 · AI score 7.1 · EPSS 0.00096
Exploits: 0 · References: 1

NVD
added 2025/03/07 5:15 p.m. · 7 views

CVE-2025-27604

XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest to download the package which might contain sensitive information. This vulnerability is fixed in 1.11.7...

CVSS 7.5 · EPSS 0.00593
Exploits: 0 · References: 2

Vulnrichment
added 2025/03/07 4:11 p.m. · 6 views

CVE-2025-27604 XWiki Confluence Migrator Pro's homepage is public

XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest to download the package which might contain sensitive information. This vulnerability is fixed in 1.11.7...

CVSS 7.5 · AI score 6.8 · EPSS 0.00593
Exploits: 0 · References: 2

Cvelist
added 2025/03/07 4:11 p.m. · 11 views

CVE-2025-27604 XWiki Confluence Migrator Pro's homepage is public

XWiki Confluence Migrator Pro helps admins to import confluence packages into their XWiki instance. The homepage of the application is public which enables a guest to download the package which might contain sensitive information. This vulnerability is fixed in 1.11.7...

CVSS 7.5 · EPSS 0.00593
Exploits: 0 · References: 2

CVE
added 2025/03/07 4:11 p.m. · 71 views

CVE-2025-27604

CVE-2025-27604 affects XWiki Confluence Migrator Pro. The vulnerability arises because the application homepage is public, allowing a guest to download the migration package that may contain sensitive information. Impact is information disclosure; no exploitation details are provided in the sourc...

CVSS 7.5 · AI score 6.8 · EPSS 0.00593
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/06/09 6:16 a.m. · 0 views

CVE-2023-2526

The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forg...

CVSS 5.4 · AI score 6.5 · EPSS 0.00111
Exploits: 0 · References: 4

Prion
added 2023/06/09 6:16 a.m. · 8 views

Cross-site request forgery (CSRF)

The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forg...

CVSS 5.8 · AI score 5.1 · EPSS 0.00111
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2023/06/09 12:00 a.m. · 1 view

PT-2023-20002 · WordPress · Easy Google Maps

Name of the Vulnerable Software and Affected Versions: Easy Google Maps plugin for WordPress versions up to and including 1.11.7. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the AJAX action handler. This allows unauthenticated...

CVSS 5.4 · AI score 6.3 · EPSS 0.00111
Exploits: 0 · References: 6

OSV
added 2023/05/28 8:15 p.m. · 0 views

CVE-2023-33926

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin = 1.11.7 versions...

CVSS 8.8 · AI score 7.3
Exploits: 0 · References: 1

Positive Technologies
added 2023/05/28 12:00 a.m. · 3 views

PT-2023-24573 · WordPress · Supsystic Easy Google Maps

Name of the Vulnerable Software and Affected Versions: Supsystic Easy Google Maps plugin versions = 1.11.7. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web...

CVSS 8.8 · AI score 8.4 · EPSS 0.00096
Exploits: 0 · References: 4

Tenable Nessus
added 2020/08/31 12:00 a.m. · 19 views

Debian DLA-2357-1 : ros-actionlib security update

Use of unsafe yaml load was fixed in ros-actionlib, the Robot OS actionlib library. For Debian 9 (stretch), this problem has been fixed in version 1.11.7-1+deb9u1. We recommend that you upgrade your ros-actionlib packages. For the detailed security status of ros-actionlib please refer to its securi...

CVSS 8.8 · AI score 7.4 · EPSS 0.00802
Exploits: 0 · References: 4