Astra Linux - уязвимость в ark

libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive...

@alessiodf/core-chameleon (=0.0.1), @arkecosystem/core (>=3.0.0-alpha.0 <=3.11.0-rc.1) +135 more potentially affected by CVE-2026-29063 via immutable (>=5.0.0-beta.2 <=5.1.4)

immutable NPM version =5.0.0-beta.2, =3.0.0-alpha.0, =3.0.0-alpha.0, =3.0.0-alpha.0, =3.0.0-alpha.0, =3.0.0, =3.0.0-alpha.6, =3.9.0, =3.0.0-alpha.0, =3.0.0-alpha.0, =0.1.0, =1.0.6 - @dreamcatcher-tech/web =0.0.0 and more Source cves: CVE-2026-29063 Source advisory: SNYK:JS-IMMUTABLE-15423650...

CVE-2011-0459

Cross-site scripting XSS vulnerability in Cyber-Ark Password Vault Web Access PVWA 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2025-13684

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the arkrpoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a...

CVE-2025-13684

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the arkrpoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a...

EUVD-2025-201393

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the arkrpoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a...

CVE-2025-13684

CVE-2025-13684 concerns the ARK Related Posts WordPress plugin (version

CVE-2025-13684 ARK Related Posts <= 2.19 - Cross-Site Request Forgery to Settings Update

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the arkrpoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a...

CVE-2025-13684 ARK Related Posts <= 2.19 - Cross-Site Request Forgery to Settings Update

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the arkrpoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a...

WordPress plugin ARK Related Posts 跨站请求伪造漏洞

...

PT-2025-49232

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the ark rp options page function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via ...

WordPress ARK Related Posts plugin <= 2.19 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin ARK Related Posts versions = 2.19...

Malicious Package

Overview ark-experience is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2025-48613 Malicious code in ark-experience (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3390fa937ce615a9cf2e911edd90f9f2e03376c02c4a2f1642d3c9a9fdd4f291 Any computer that has this package installed or running should be considered...

Malicious code in ark-experience (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3390fa937ce615a9cf2e911edd90f9f2e03376c02c4a2f1642d3c9a9fdd4f291 Any computer that has this package installed or running should be considered...

Malicious code in @aml-ark/ark-experience-byteplus (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b9a81d78ce8d8f1da9a31e80166834c3098ef03d5ef0e58e1a03d1d93418314 Any computer that has this package installed or running should be considered...

CVE-2025-11023

CVE-2025-11023 affects ArkSigner AcBakImzala before v5.1.4. Root cause: improper control of the filename used in PHP include/require, enabling a PHP Local File Inclusion via a Remote File Inclusion vulnerability pattern. Documented impact in sources: high confidentiality, integrity, and availabil...

Debian: Security Advisory (DSA-6029-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 6029-1] ark security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6029-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 20, 2025 https://www.debian.org/security/faq -...

Debian dsa-6029 : ark - security update

The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-6029 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6029-1 [email protected] https://www.debian.org/security/ Moritz...