@saltcorn/admin-models (>=1.5.0 <=1.5.0-rc.2), @saltcorn/base-plugin (>=1.5.0 <=1.5.0-rc.2) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.5.0-beta.0 <=1.5.0)

@saltcorn/data NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0-rc.2 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-16318351...

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-beta.3), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-beta.3) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-beta.3)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.3 Source cves: unknown CVE Source advisory: OSV:GHSA-59XV-588H-2VMM...

WordPress plugin Education Base 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2026-25402 WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 16.011.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in echoplugins Knowledge Base for Documentation, FAQs with AI Assistance echo-knowledge-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through =...

WordPress plugin Knowledge Base for Documentation, FAQs with AI Assistance 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

MiracleLinux 9 : gstreamer1-plugins-base-1.22.1-2.el9 (AXSA:2024-8035:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8035:01 advisory. gstreamer-plugins-base: heap overwrite in subtitle parsing CVE-2023-37328 Tenable has extracted the preceding description block directly from the MiracleLinu...

PT-2025-54293

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BasePress Knowledge Base documentation & wiki plugin – BasePress allows Stored XSS.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.17.0.1...

WordPress plugin Knowledge Base 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

Unity Linux 20.1070a Security Update: gstreamer1-plugins-base (UTSA-2025-984682)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984682 advisory. GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the formatchannelmask function in...

Malicious code in eslint-plugin-airbnb-base (npm)

The package eslint-plugin-airbnb-base was found to contain malicious code...

CVE-2025-7431

The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin slug setting in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

PT-2025-29985 · WordPress · Wp Knowledgebase

Name of the Vulnerable Software and Affected Versions: Knowledge Base plugin for WordPress versions prior to 2.3.2 Description: The Knowledge Base plugin for WordPress is susceptible to Stored Cross-Site Scripting via the plugin slug setting due to insufficient input sanitization and output...

CVE-2025-5533 Knowledge Base <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-5533 Knowledge Base <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

PT-2025-24036 · WordPress · Wp Knowledgebase

Name of the Vulnerable Software and Affected Versions: Knowledge Base plugin for WordPress versions prior to 2.3.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the kbalert shortcode. This allows authenticated attackers with...

WordPress plugin Knowledge Base 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

MAL-2025-2166 Malicious code in base-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d3a0ef4f39fc5d654899b1e04fe0737024518e969f56ca4d409ff2822a3bbb1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in base-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8d3a0ef4f39fc5d654899b1e04fe0737024518e969f56ca4d409ff2822a3bbb1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AZL-54303 CVE-2024-47835 affecting package gstreamer1-plugins-base 1.20.0-3

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parselrc function within gstsubparse.c. The parselrc function calls strchr to find the character '' in the string line. The pointer returned by this call ...

AZL-54309 CVE-2024-47615 affecting package gstreamer1-plugins-base 1.20.0-3

GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gstparsevorbissetuppacket within vorbisparse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the...