MAL-2026-2230 Malicious code in aquasecurityofficial.trivy-vulnerability-scanner (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b6cab1dae06f51e2aaa57704d8374b6882440070d0796e7b719a85e6f803888b This extension is a compromised version of the offical Trivy VSCode extension available on the Microsoft Marketplace. Versions 1.8.11 and...

CVE-2026-28353

Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace was compromised and contained malicious code designed to leverage local AI coding agent to collect and exfiltrate sensitive...

EUVD-2026-9869

Trivy Vulnerability Scanner is a VS Code extension that helps find vulnerabilities. In Trivy VSCode Extension version 1.8.12, which was distributed via OpenVSX marketplace was compromised and contained malicious code designed to leverage local AI coding agent to collect and exfiltrate sensitive...

Trivy Action 安全漏洞

Trivy Action is a container vulnerability scanning tool developed by Aqua Security. Version 1.8.12 of Trivy Action contains a security vulnerability; this vulnerability stems from the inclusion of malicious code, which may lead to the collection and disclosure of sensitive information...

WordPress Qubely plugin <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'align' and 'UniqueID' vulnerability discovered by Nishiv - Developer in WordPress Plugin Qubely versions = 1.8.12...

EUVD-2018-0498

Malware in sbrugna...

EUVD-2017-15245

Malware in sbrugna...

EUVD-2023-56240

Malicious code in bioql PyPI...

CVE-2025-26767

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Qubely qubely allows Stored XSS.This issue affects Qubely: from n/a through = 1.8.12...

CVE-2025-26767

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Qubely – Advanced Gutenberg Blocks allows Stored XSS. This issue affects Qubely – Advanced Gutenberg Blocks: from n/a through 1.8.12...

WordPress plugin Qubely – Advanced Gutenberg Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

PT-2024-14181 · Unknown · Ai Power: Complete Ai Pack

Name of the Vulnerable Software and Affected Versions: AI Power: Complete AI Pack – Powered by GPT-4 versions 1.8.12 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...

WordPress GPT3 AI Content Writer Plugin <= 1.8.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software GPT3 AI Content Writer Type Plugin Vulnerable versions = 1.8.12 Fixed in 1.8.13 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-51528 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 803ba388c710 Credits Brandon...

WordPress Everse Theme < 1.8.12 is vulnerable to Cross Site Scripting (XSS)

Software Everse Type Theme Vulnerable versions 1.8.12 Fixed in 1.8.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ac81191bc6b1 Credits Rafie Muhammad Patchstack Required privile...

PrestaShop SQL注入漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image scaling. A security vulnerability exists in PrestaShop Module City Autocomplete, which stems from the presence of a SQL...

WordPress plugin David Cole Simple SEO 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

CVE-2019-20182

The FooGallery plugin 1.8.12 for WordPress allow XSS via the posttitle parameter...

Popup-Maker < 1.8.12 - Multiple Vulnerabilities

An attacker can partially control the arguments of the doaction, during the initialization of the PUMSite . Because of this, an attacker can call any method which contains an action starting from popmake or pum . This will lead to successful execution of functions which do not require arguments...

Nippon Institute of Agroinformatics SOY CMS with installer cross-site scripting vulnerability

Nippon Institute of Agroinformatics SOY CMS with installer is a web content management system CMS from Nippon Institute of Agroinformatics, Japan. The system supports the creation of websites, development of software based on A/B testing, optimization of websites, etc. installer is one of the...

Nippon Institute of Agroinformatics SOY CMS Directory Traversal Vulnerability

Nippon Institute of Agroinformatics SOY CMS is a web content management system CMS from Nippon Institute of Agroinformatics, Japan. The system supports the creation of websites, the development of software based on A/B testing, and the optimization of websites. A directory traversal vulnerability...