71 matches found
@kids-reporter/cms-core (>=1.0.17 <=1.0.32), @kids-reporter/draft-editor (>=1.0.19 <=1.0.32) potentially affected by CVE-2025-46720 +1 more via @keystone-6/core (=6.5.1)
@keystone-6/core NPM version =6.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on @keystone-6/core and may be impacted: - @kids-reporter/cms-core =1.0.17, =1.0.19, =1.0.32 Source cves: CVE-2025-46720, CVE-2026-33326 Source advisory:...
WordPress Converter for Media - Optimize images | Convert WebP & AVIF plugin <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src vulnerability
WordPress Converter for Media - Optimize images | Convert WebP & AVIF plugin <= 6.5.1 - Unauthenticated Server-Side Request Forgery via src vulnerability discovered by Lucas Montes NiRoX in WordPress Plugin Converter for Media versions <= 6.5.1...
CVE-2026-1356
CVE-2026-1356 affects the WordPress plugin “Converter for Media – Optimize images | Convert WebP & AVIF” and its vulnerable scope includes all versions up to and including 6.5.1. The issue is a Server-Side Request Forgery (SSRF) via PassthruLoader::load_image_source, enabling unauthenticated atta...
WordPress plugin Converter for Media code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress Shortcoder plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by thifx in WordPress Plugin Shortcoder versions <= 6.5.1...
PT-2025-51222
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 6.5.1 via the "ConvertController::insertToNewTable" function due to missing validation on a user controlled key. This makes it possible f...
CVE-2025-31954
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see...
CVE-2025-58133
Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access...
CVE-2025-58133 Zoom Rooms Clients - Authentication Bypass
Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access...
EUVD-2020-12616
Malware in sbrugna...
EUVD-2021-1143
Malware in sbrugna...
EUVD-2020-29919
Malware in sbrugna...
EUVD-2023-31348
Malicious code in bioql PyPI...
EUVD-2023-36816
Malicious code in bioql PyPI...
Tenable Security Center Multiple Vulnerabilities (TNS-2025-18)
According to its self-reported version, the Tenable Security Center running on the remote host is between 6.5.1 and 6.6.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-18 advisory. - Improper neutralization of newlines in pg_dump in PostgreSQL allows a user ...
[R1] Stand-alone Security Patches Available for Tenable Security Center versions 6.4.x, 6.5.1 and 6.6.0: SC-202508.1
Arnie Cabral, Thu, 08/28/2025 - 11:18. Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components Apache, PHP, sqlit...
Tenable Security Center Multiple Vulnerabilities (TNS-2025-12)
According to its self-reported version, the Tenable Security Center running on the remote host is version 6.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-12 advisory. - In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause...
CVE-2023-27612
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin = 6.5.1 versions...