294 matches found
Malicious code in catch-secure-user-benchmark-scale (npm)
The package catch-secure-user-benchmark-scale was found to contain malicious code...
Malicious code in bad-catch-stack-compile-query (npm)
The package bad-catch-stack-compile-query was found to contain malicious code...
MAL-2025-16661 Malicious code in catch-secure-user-benchmark-scale (npm)
The package catch-secure-user-benchmark-scale was found to contain malicious code...
MAL-2025-22252 Malicious code in hash-query-string-assert-catch (npm)
The package hash-query-string-assert-catch was found to contain malicious code...
MAL-2025-26435 Malicious code in minify-catch-function-object-epsilon (npm)
The package minify-catch-function-object-epsilon was found to contain malicious code...
BIT-LIBPHP-2024-9026 PHP-FPM logs from children may be altered
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
Malicious code in log-trap-catch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9dc12c22fb18702b22d35fa127f4f43058dc50f65393e6bbb1d666b48bb7d905 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4627 Malicious code in log-trap-catch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9dc12c22fb18702b22d35fa127f4f43058dc50f65393e6bbb1d666b48bb7d905 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-47313
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Catch Base catch-base allows Stored XSS.This issue affects Catch Base: from n/a through = 3.4.6...
CVE-2024-31279
Cross-Site Request Forgery CSRF vulnerability in Catch Plugins Generate Child Theme.This issue affects Generate Child Theme: from n/a through 2.0...
CVE-2024-47356
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Create create allows Stored XSS.This issue affects Create: from n/a through = 2.9.1...
CVE-2024-44010
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Full frame full-frame allows Stored XSS.This issue affects Full frame: from n/a through = 2.7.2...
CVE-2024-11427
The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2022-39900
Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch...
CVE-2025-32154
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through = 2.0.1...
CVE-2025-32154
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Catch Themes Catch Dark Mode allows PHP Local File Inclusion. This issue affects Catch Dark Mode: from n/a through 1.2.1...
CVE-2025-32154
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through = 2.0.1...
CVE-2025-32154 WordPress Catch Dark Mode plugin <= 2.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through = 2.0.1...
CVE-2025-32154 WordPress Catch Dark Mode plugin <= 2.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through = 2.0.1...
CVE-2025-32154
CVE-2025-32154 affects Catch Dark Mode (WordPress plugin) and is an Authenticated Local File Inclusion via improper filename control in PHP include/require. Affected version range is Catch Dark Mode up to 1.2.1. The vulnerability is documented with a high impact (C, I, A) and a network attack vec...