@bechara/crux (>=6.0.0 <=6.6.2), @cappa/cli (>=0.1.0 <=0.8.2) +11 more potentially affected by CVE-2026-6270 via @fastify/middie (>=9.0.2 <=9.3.1)

@fastify/middie NPM version =9.0.2, =6.0.0, =0.1.0, =0.1.0, =1.0.0, =1.0.11, =0.1.51, =1.0.36, =11.0.0, =1.3.0, =5.0.0, =0.6.1-dev, =1.1.48 Source cves: CVE-2026-6270 Source advisory: SNYK:JS-FASTIFYMIDDIE-16098213...

CVE-2024-34757

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visualmodo Borderless borderless allows DOM-Based XSS.This issue affects Borderless: from n/a through = 1.7.3...

EUVD-2024-35027

Malicious code in bioql PyPI...

EUVD-2024-52338

Malicious code in bioql PyPI...

EUVD-2025-16552

Malicious code in bioql PyPI...

EUVD-2024-34397

Malicious code in bioql PyPI...

CVE-2025-5290

The Borderless – Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2025-5290 Borderless – Elementor Addons and Templates <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Borderless – Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2025-5290

CVE-2025-5290 concerns the Borderless – Elementor Addons and Templates WordPress plugin. It is a Stored Cross-Site Scripting vulnerability via the title parameter affecting all versions up to 1.7.1, enabling an authenticated attacker with Contributor+ privileges to inject scripts that execute whe...

WordPress plugin Borderless – Elementor Addons and Templates 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

CVE-2024-54211

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visualmodo Borderless borderless allows Cross-Site Scripting XSS.This issue affects Borderless: from n/a through = 1.5.8...

CVE-2023-38518

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Visualmodo Borderless plugin = 1.4.8 versions...

CVE-2024-10867

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping. This makes it possible...

CVE-2024-10867

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible...

CVE-2024-10867 Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible...

CVE-2024-10867 Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload

The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible...

PT-2025-1612

Name of the Vulnerable Software and Affected Versions The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress versions up to, and including, 1.5.9 Description The issue is related to Stored Cross-Site Scripting via SVG File uploads due to...

WordPress plugin Borderless 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress Borderless plugin <= 1.6.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Borderless versions = 1.6.2...

WordPress Borderless plugin <= 1.5.9 - Missing Authorization to Icon Font Deletion vulnerability

Missing Authorization to Icon Font Deletion vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Borderless versions = 1.5.9...