MAL-2026-5582 Malicious code in wp-env (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec2e092036cea9a9b2563e18b3d588ab046800c2160fb820081423b909066759 Package squats the wp-env CLI name commonly invoked as npx wp-env by users intending @wordpress/env. The package ships only bin/run.js declared main:...

isafari.nathab.com Cross Site Scripting vulnerability OBB-4047527

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

frdic.com Cross Site Scripting vulnerability OBB-4035640

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

curl: curl --continue-at confusion

Summary: When curl command is used with --continue-at, the --no-clobber is unexpectedly ignored and curl will append the output to the target file, even if it already exists. If --continue-at is used with--remove-on-error it can lead to unexpected removal of the file on early errors. Note that th...

expertcomptables5962.fr Cross Site Scripting vulnerability OBB-3953254

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

cook4mecali.com Cross Site Scripting vulnerability OBB-3939151

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

cambodiaexpatsonline.com Cross Site Scripting vulnerability OBB-3919482

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

yamatokatari.org Cross Site Scripting vulnerability OBB-3907176

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

fxkia9-iinavi.inax.lixil.co.jp Cross Site Scripting vulnerability OBB-3879408

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

seedsnpots.com Cross Site Scripting vulnerability OBB-3764702

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

szlgmhb.com Cross Site Scripting vulnerability OBB-3659921

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

jmonline.nl Cross Site Scripting vulnerability OBB-3522496

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

attackers with role "USER" can create tags

Description It seems that the users with role ""USER" has no permission with creating tags, but we do not enforce it. Ohers operation, like edit and delete has no problem. Proof of Concept pull the latest docker and setup answer 1 create a user with name "normaluser", whose role is "USER" 2 admin...

flash-mini.com Cross Site Scripting vulnerability OBB-3441747

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

monaelnaggar.com Cross Site Scripting vulnerability OBB-3309894

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

eschengraben.de Cross Site Scripting vulnerability OBB-3223553

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

vayerartgallery.com Cross Site Scripting vulnerability OBB-3197253

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

musicminds.ie Cross Site Scripting vulnerability OBB-3193687

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

ats-italia.it Cross Site Scripting vulnerability OBB-3192748

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

bezev.de Cross Site Scripting vulnerability OBB-3185413

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...