File Inclusion node-tar Dependency in Jira Software Data Center

This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.0, 9.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.1 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...

MAL-2026-994 Malicious code in vl-ui-code-preview (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5abf0716d5a814e3cd0ca1da245819d81f5238adb1911513d88b36825c7a99be The package vl-ui-code-preview was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in vl-ui-action-group (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 681eef2c6f7a9061c23f448a351fbf64b8d5302e6343f486e534c4a440b1e793 The package vl-ui-action-group was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in vl-ui-button (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e34ef0af8a8e8cc96afd0941b0fe2a5259eb4d2cf73564c5dde8b97a2bdf766 The package vl-ui-button was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-992 Malicious code in vl-ui-button (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e34ef0af8a8e8cc96afd0941b0fe2a5259eb4d2cf73564c5dde8b97a2bdf766 The package vl-ui-button was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-991 Malicious code in vl-ui-breadcrumb (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81c270ce4308a58eda8d509b95c7598472480a53a99953d598e400e85440f563 The package vl-ui-breadcrumb was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in vl-ui-body (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd90d73547d2e88c7a229ca9924f96c2d5e43bc5b1a8cb6b8a182d322d783510 The package vl-ui-body was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-990 Malicious code in vl-ui-body (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd90d73547d2e88c7a229ca9924f96c2d5e43bc5b1a8cb6b8a182d322d783510 The package vl-ui-body was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in vl-ui-checkbox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6b636f4789648035c4ee34537313e51b2e4ba39f2f4ea19b6d8744f61a12bce3 The package vl-ui-checkbox was found to contain malicious code. Source: ossf-package-analysis...

VulnCheck KEV: CVE-2025-64095

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

CVE-2025-64095

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

CVE-2025-64095 DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

CVE-2025-64095 DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

CVE-2025-62802 DNN CKEditor Provider allows unauthenticated upload out-of-the-box

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most...

CVE-2025-62897 WordPress WP Recipe Maker plugin < 10.1.0 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Code Injection.This issue affects WP Recipe Maker: from n/a through 10.1.0...

WordPress plugin WP Recipe Maker 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2021-1821

Malware in sbrugna...

CVE-2025-25967

Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery CSRF. This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections...

DDSN Interactive Acora CMS 跨站请求伪造漏洞

DDSN Interactive Acora CMS is an enterprise web and mobile CMS from DDSN Interactive. A security vulnerability exists in DDSN Interactive Acora CMS version 10.1.1 that stems from a lack of CSRF protection and could lead to unauthorized operations...

CVE-2025-25967

Acora CMS version 10.1.1 is vulnerable to Cross-Site Request Forgery CSRF. This flaw enables attackers to trick authenticated users into performing unauthorized actions, such as account deletion or user creation, by embedding malicious requests in external content. The lack of CSRF protections...