@squawk/airport-data (>=0.2.0 <=0.7.3), @squawk/airports (>=0.2.0 <=0.6.1) +16 more potentially affected by unknown CVE via @squawk/types (>=0.3.1 <=0.8.0)

@squawk/types NPM version =0.3.1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.3.5 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3454...

whisperX REST API 代码问题漏洞

WhisperX REST API is an audio transcription and analysis enhancement tool developed by Pavel Zbornik. Versions of the WhisperX REST API from 0.3.1 to 0.5.0 have code vulnerabilities. These vulnerabilities stem from the FileService.downloadfromurl function, which performs a file extension check...

EUVD-2023-49385

Malicious code in bioql PyPI...

CVE-2025-55733 DeepChat One-click Remote Code Execution through Custom URL Handling

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...

WordPress plugin WP Find Your Nearest 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress WP Find Your Nearest Plugin <= 0.3.1 - CSRF to Settings Change vulnerability

CSRF to Settings Change vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WP Find Your Nearest versions = 0.3.1...

WordPress WP Find Your Nearest plugin <= 0.3.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin WP Find Your Nearest versions = 0.3.1...

WordPress Delete Custom Fields plugin <= 0.3.1 - Cross-Site Request Forgery to Post Meta Deletion vulnerability

Cross-Site Request Forgery to Post Meta Deletion vulnerability discovered by Francesco Carlucci in WordPress Plugin Delete Custom Fields versions = 0.3.1...

@4players/odin-bot-sdk (>=0.1.0 <=0.4.4), @bhznjns/node-mp3-player (>=1.0.0 <=1.3.3) +39 more potentially affected by CVE-2020-7615 via fsa (>=0.3.1 <=0.5.1)

fsa NPM version =0.3.1, =0.1.0, =1.0.0, =1.0.0, =0.0.5, =0.0.1, =1.0.0, =0.0.1, =0.0.2, =1.2.2, =0.1.0, =1.0.4, =0.1.0, =0.1.0, =1.0.0, =2.0.0 - chiasenhac-music-bot =1.0.0 and more Source cves: CVE-2020-7615 Source advisory: OSV:GHSA-3P94-VJ97-FM4Q...