11 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...
CVE-2026-39943
CVE-2026-39943 (Directus) affects Directus prior to v11.17.0. The revision-snapshot path writes revisions to directus_revisions without consistently applying the prepareDelta sanitization, potentially storing sensitive fields (tokens, 2FA secrets, external auth identifiers, auth data, credentials...
CVE-2026-39943
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...
CVE-2026-39943 Directus exposes sensitive fields in revision history
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...
CVE-2026-1927
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...
CVE-2026-1927
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...
CVE-2026-1927 GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure of AI API Keys and Stored Cross-Site Scripting via custom_css
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...
CVE-2026-1927
CVE-2026-1927 affects the Greenshift – animation and page builder blocks plugin for WordPress (versions up to and including 12.5.7). The root cause is a missing capability check in the greenshift_app_pass_validation() function, allowing authenticated attackers with Subscriber-level access and abo...
Devolutions Remote Desktop Manager <= 2025.3.23.0 AI Integration API Key Exposure (DEVO-2025-0017)
The version of Devolutions Remote Desktop Manager installed on the remote host is prior or equal to 2025.2.23.0 and is, therefore, affected by an AI integration API key exposure vulnerability: - Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Window...