2670 matches found
Malicious code in @kui-react/button (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eb2774da41feb2f5825c18cb59ff37b64a456fd5770d202cc5542aaaa634f4df The package @kui-react/button was found to contain malicious code...
Malicious code in @emerald-react/icon-button (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a17ff250c076101691329fe30e2efab7630e3563d3c0e6423a94d0eeec60d3dc The package @emerald-react/icon-button was found to contain malicious code...
MAL-2026-1611 Malicious code in @emerald-react/icon-button (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a17ff250c076101691329fe30e2efab7630e3563d3c0e6423a94d0eeec60d3dc The package @emerald-react/icon-button was found to contain malicious code...
Malicious code in @emerald-react/button (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a53b07341310aa38bec5a12c64977afb8a97b940baf599f6e8d632417b9997e The package @emerald-react/button was found to contain malicious code...
MAL-2026-1601 Malicious code in @emerald-react/button (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a53b07341310aa38bec5a12c64977afb8a97b940baf599f6e8d632417b9997e The package @emerald-react/button was found to contain malicious code...
Mattermost fails to limit the size of responses from integration action endpoints
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that return...
EUVD-2026-12383
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that return...
CVE-2026-2456 Denial of Service via Unbounded Memory Allocation in Integration Actions
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that return...
CVE-2026-2456
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 Mattermost fails to limit the size of responses from integration action endpoints, which allows an authenticated attacker to cause server memory exhaustion and denial of service via a malicious integration server that return...
CVE-2026-2456
Mattermost is affected by CVE-2026-2456 due to an unbounded memory allocation when handling responses from integration action endpoints. A authenticated attacker can cause server memory exhaustion and a denial of service by having a malicious integration server return an arbitrarily large respons...
PT-2026-25678
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.0 through 10.11.10 Mattermost versions 11.2.0 through 11.2.2 Mattermost versions 11.3.0 through 11.3.0 Description Mattermost does not limit the size of responses from integration action endpoints. This allows an...
CVE-2026-1073
The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php. This makes it possible for...
EUVD-2026-10124
The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php. This makes it possible for...
CVE-2026-1073
The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php. This makes it possible for...
CVE-2026-29048
HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...
CVE-2026-1073 Purchase Button For Affiliate Link <= 1.0.2 - Cross-Site Request Forgery to Settings Update
The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php. This makes it possible for...
CVE-2026-1073
The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the settings page form handler in inc/purchase-btn-options-page.php. This makes it possible for...
CVE-2026-29048
HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...
EUVD-2026-10014
HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...
CVE-2026-29048
HumHub (Open Source Enterprise Social Network) vulnerability CVE-2026-29048 affects HumHub 1.18.0 in the Button component, where inconsistent output encoding allows cross-site scripting. The CVSS 4.0 vector yields a base score of 6.9 (Medium) with network attack vector, low attack complexity, and...