1098 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
CVE-2020-37244
Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...
CVE-2020-37244 WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx
Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...
CVE-2020-37244
Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...
CVE-2020-37244
Supsystic Membership 1.4.7 (WordPress plugin) contains an SQL injection vulnerability in the badges module, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting payloads through the 'search' and 'sidx' parameters. Attacks can use time-based blind or UNION-based SQL inj...
CVE-2020-37244 WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx
Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...
EUVD-2020-31244
Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...
WordPress plugin Supsystic Membership SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-41444
Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...
Malicious code in ally-badges (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 628f679ca3d11168a5d0e0930680b72c113158a013369f538a273ce91cb5e5a6 The package ally-badges was found to contain malicious code. Source: ghsa-malware 9c052706f47011272c0f6a24723dc146f15603ac21d81708fa2b91678889df60 An...
MAL-2026-3296 Malicious code in ally-badges (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 628f679ca3d11168a5d0e0930680b72c113158a013369f538a273ce91cb5e5a6 The package ally-badges was found to contain malicious code. Source: ghsa-malware 9c052706f47011272c0f6a24723dc146f15603ac21d81708fa2b91678889df60 An...
WordPress plugin UsersWP 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
aksharify (=0.2.0), buildbot-badges (>=1.7.0 <=1.8.2) +51 more potentially affected by CVE-2026-31899 via cairosvg (>=0.5.0 <=2.8.2)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.20.7, =1.0.0b1, =0.0.2, =2025.5.0, =1.0.0, =0.1.0, =1.3.6, =0.2.2, =0.2.32 and more Source cves: CVE-2026-31899 Source advisory: OSV:GHSA-F38F-5XPM-9R7C...
Moodle has an authorization logic flaw
A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...
CVE-2025-67856
A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...
CVE-2023-50827
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS.This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8...
CVE-2025-23949
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dzeriho Improved Sale Badges – Free Version improved-sale-badges-free-version allows PHP Local File Inclusion.This issue affects Improved Sale Badges – Free Version: from n/a...
A Browser Extension Risk Guide After the ShadyPanda Campaign
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them r...
io.jenkins.plugins:coverage-badges-extension (>=157.vf5d725246222 <=197.vb_390173d00ec) potentially affected by CVE-2025-67641 via io.jenkins.plugins:coverage (>=2.1.0 <=2.2941.v08df75b_767f1)
io.jenkins.plugins:coverage MAVEN version =2.1.0, =157.vf5d725246222, =197.vb390173d00ec Source cves: CVE-2025-67641 Source advisory: SNYK:JAVA-IOJENKINSPLUGINS-14383149...