@algolia/coquille (>=0.0.2 <=0.0.13), @candlelabs/sdk (>=1.0.1 <=1.0.2) +20 more potentially affected by CVE-2026-33750 via brace-expansion (>=1.1.0 <=1.1.11)

brace-expansion NPM version =1.1.0, =0.0.2, =1.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.1.1, =1.0.3-dev.20180316T104657Z.4a84a30, =1.1.0 and more Source cves: CVE-2026-33750 Source advisory: SNYK:JS-BRACEEXPANSION-15789759...

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Impact Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...

GHSA-595P-G7XC-C333 Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Impact Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...

EUVD-2026-2423

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling...

Arbitrary Code Injection

Overview algolia/algoliasearch-magento-2 is an Algolia Search & Discovery extension for Magento 2 Affected versions of this package are vulnerable to Arbitrary Code Injection via the job execution process. An attacker can execute arbitrary PHP code by injecting malicious data into the database...

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, this could...

CVE-2025-11997

The Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.9. This is due to the plugin exposing sensitive Algolia API keys through the frontend JavaScript code via wplocalizescript without prope...

EUVD-2025-60957

The Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.9. This is due to the plugin exposing sensitive Algolia API keys through the frontend JavaScript code via wplocalizescript without prope...

CVE-2025-11997

The Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.9. This is due to the plugin exposing sensitive Algolia API keys through the frontend JavaScript code via wplocalizescript without prope...

CVE-2025-11997

CVE-2025-11997 affects the WordPress plugin Document Pro Elementor – Documentation & Knowledge Base. The root cause is information exposure via frontend JS: Algolia API keys are exposed through wp_localize_script without proper access controls, enabling unauthenticated users to view keys in page ...

CVE-2025-11997 Document Pro Elementor – Documentation & Knowledge Base <= 1.0.9 - Unauthenticated Information Exposure

The Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.9. This is due to the plugin exposing sensitive Algolia API keys through the frontend JavaScript code via wplocalizescript without prope...

CVE-2025-11997 Document Pro Elementor – Documentation & Knowledge Base <= 1.0.9 - Unauthenticated Information Exposure

The Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.9. This is due to the plugin exposing sensitive Algolia API keys through the frontend JavaScript code via wplocalizescript without prope...

PT-2025-46269

Name of the Vulnerable Software and Affected Versions Document Pro Elementor – Documentation & Knowledge Base plugin for WordPress versions prior to 1.1.0 Description The plugin exposes sensitive Algolia API keys through the frontend JavaScript code via wp localize script without proper access...

WordPress plugin Document Pro Elementor 信息泄露漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin Document Pro Elementor has an information disclosure vulnerability, the...

algoliasearch-helper is vulnerable to Prototype Pollution in _merge()

Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...

MAL-2025-34307 Malicious code in sycamore-integration-algolia (npm)

The package sycamore-integration-algolia was found to contain malicious code...

Malicious code in sycamore-integration-algolia (npm)

The package sycamore-integration-algolia was found to contain malicious code...

MAL-2024-9021 Malicious code in algolia-analyzer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2e9938b498a630cfc9745cf7083809d4bc8477a92664b7f56c0b41b82f0d30e4 The OpenSSF Package Analysis project identified 'algolia-analyzer' @ 9.9.9 npm as malicious. It is considered malicious because: - The package...

Malicious code in algolia-analyzer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2e9938b498a630cfc9745cf7083809d4bc8477a92664b7f56c0b41b82f0d30e4 The OpenSSF Package Analysis project identified 'algolia-analyzer' @ 9.9.9 npm as malicious. It is considered malicious because: - The package...

Malicious code in algolia-places (RubyGems)

--- -= Per source details. Do not edit below this line.=-...