21 matches found
@0xgg/echomd (>=1.0.0 <=1.0.4), @adobe/react-spectrum-charts (>=1.16.0 <=1.28.0) +351 more potentially affected by CVE-2025-59840 via vega (>=1.5.4 <=6.1.2)
vega NPM version =1.5.4, =1.0.0, =1.16.0, =0.2.0, =1.1.5, =0.4.3, =0.1.0, =0.0.1, =0.20.0, =0.20.0, =0.4.1-canary.195, =0.0.0, =0.2.0-beta.0, =0.2.0-beta.4 and more Source cves: CVE-2025-59840 Source advisory: OSV:GHSA-7F2V-3QQ3-VVJF...
WordPress Salient Shortcodes plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Salient Shortcodes versions <= 1.5.4...
WordPress PDF Generator for WordPress Plugin <= 1.5.4 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Tran Hoang Tuan Kiet in WordPress Plugin PDF Generator for WordPress versions <= 1.5.4...
WordPress Order Tip for WooCommerce plugin <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts vulnerability
Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts vulnerability discovered by t.t.brothers in WordPress Plugin Order Tip for WooCommerce versions <= 1.5.4...
@candela/stats (>=0.20.0 <=0.21.0), @candela/vega (>=0.20.0 <=0.23.0) +131 more potentially affected by CVE-2025-27793 via vega (>=1.5.4 <=5.31.0)
vega NPM version =1.5.4, =0.20.0, =0.20.0, =0.3.0, =0.6.0, =1.0.5, =1.2.0, =0.0.2, =0.8.0, =3.1.3 - @jupyterlab/vega3-extension =0.14.3 and more Source cves: CVE-2025-27793 Source advisory: OSV:GHSA-963H-3V39-3PQF...
@candela/stats (>=0.20.0 <=0.21.0), @candela/vega (>=0.20.0 <=0.23.0) +130 more potentially affected by CVE-2025-26619 via vega (>=1.5.4 <=5.30.0)
vega NPM version =1.5.4, =0.20.0, =0.20.0, =0.3.0, =0.6.0, =1.0.5, =1.2.0, =0.0.2, =0.8.0, =3.1.3 - @jupyterlab/vega3-extension =0.14.3 and more Source cves: CVE-2025-26619 Source advisory: OSV:GHSA-RCW3-WMX7-CPHR...
WordPress Pretty Url Plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin Pretty Url versions <= 1.5.4...
PT-2024-30440 · Unknown · Child Theme Creator
Name of the Vulnerable Software and Affected Versions: Child Theme Creator versions 1.5.4 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows Reflected XSS. The estimated number of...
WordPress plugin Wallet for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
PT-2024-25972 · Unknown · Ukrsolution Barcode Scanner With Inventory & Order Manager
Name of the Vulnerable Software and Affected Versions: UkrSolution Barcode Scanner with Inventory & Order Manager versions 1.5.4 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a w...
PT-2024-25971 · Unknown · Ukrsolution Barcode Scanner With Inventory & Order Manager
Name of the Vulnerable Software and Affected Versions: UkrSolution Barcode Scanner with Inventory & Order Manager versions 1.5.4 and earlier. Description: The issue is related to the exposure of sensitive information to an unauthorized actor. Recommendations: For versions 1.5.4 and earlier, update...
WordPress Plugin Quick Restaurant Reservations cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin Contact Forms by Cimatti cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Creative Mail cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin Creative Mail cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Creative Mail 1.5.4 and earlier versions contain a cross-site request forgery vulnerability...
Mozilla: Denial of Service via complex regular expressions
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those tunable mitigations already provide sane defaults to preven...
WordPress plugin Simple Event Planner cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Simple Event Planner plugin 1.5.4 and previou...
GHSA-M5PQ-GVJ9-9VR8 Rust's regex crate vulnerable to regular expression denial of service
This is a cross-post of the official security advisory. The official advisory contains a signed version with our PGP key, as well. advisory: https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw The Rust Security Response WG was notified that the regex crate did not...
org.apache.unomi:unomi-docker (>=1.5.0 <=1.5.4) potentially affected by CVE-2021-31164 via org.apache.unomi:unomi (>=1.5.0 <=1.5.4)
org.apache.unomi:unomi MAVEN version =1.5.0, =1.5.0, =1.5.4 Source cves: CVE-2021-31164 Source advisory: OSV:GHSA-RM7F-MPCJ-W4F6...
rack-protection: Timing attack in authenticity_token.rb
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contain a timing attack vulnerability in the CSRF token checking that can result in signatures being exposed. This attack appears to be exploitable via network connectivity to the Ruby application. This vulnerability appears to hav...