4 matches found
CVE-2025-8047 Multiple Plugins from itayamar - Supply Chain Compromise
The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license through v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparently abandoned S3 bucket. It can be used as a backdoor by those who control it, but it currently displays an alert...
PT-2025-33146 · WordPress · Pixter-Image-Digital-License +1
Name of the Vulnerable Software and Affected Versions: Disable-right-click-powered-by-pixterme versions through 1.2; pixter-image-digital-license versions through 1.0. Description: The Disable-Right-Click and Pixter Image Digital License WordPress plugins load a compromised JavaScript file from an...
PT-2022-23121 · Unknown · Deeplearning4J
Name of the Vulnerable Software and Affected Versions: Deeplearning4J versions through 1.0.0-M2.1. Description: The issue affects users of older NLP examples that reference an old S3 bucket. The problem arises from the use of some unclaimed S3 buckets in tests and examples. The estimated number of...
XSS with CSP bypass on WEB instances
📝 Description: Drawio WEB instances allow https://storage.googleapis.com in CSP script-src. Abusing the XSS found in this report, it is possible to bypass the CSP and leak private diagram content. 🕵️‍♂️ Proof of Concept: On the web application side, the javascript execution is protected by the...