CVE-2025-66500 Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...
PT-2025-52429
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
PT-2025-52428
A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...
CVE-2025-40194
creationtimestamp | type | source
---|---|---
2025-12-12 02:38:08+00:00 | seen | https://bsky.app/profile/potato.software/post/3m7r2nha3ab2d
2025-12-12 02:38:08+00:00 | seen | https://bsky.app/profile/secqube.com/post/3m7r2ngqa5c2s
2026-04-02 17:00:00+00:00 | seen | ...
WordPress Icon List Block plugin <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Authenticated (Subscriber+) Server-Side Request Forgery vulnerability discovered by Sushi Com Abacate in WordPress Plugin Icon List Block versions <= 1.2.1...
GO-2025-4088 sqls-server/sqls is vulnerable to command injection in the config command in github.com/sqls-server/sqls
sqls-server/sqls is vulnerable to command injection in the config command in github.com/sqls-server/sqls...
CVE-2025-11587
The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...
EUVD-2025-36639
The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...
CVE-2025-11587
The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with...
CVE-2025-11587
CVE-2025-11587 refers to the WordPress plugin “Call Now Button – The #1 Click to Call Button for WordPress.” The advisory states a missing capability check in the activate function across all versions up to 1.5.3, allowing authenticated users with Subscriber-level access or higher to modify data ...
Malicious Package
Overview: monzo-com is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
CVE-2025-12305 quequnlong shiyi-blog Job SysJobController.java deserialization
A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has be...
Malwarebytes for Teams security vulnerability
Malwarebytes for Teams is a multi-terminal protection suite from US-based Malwarebytes, Inc. A security vulnerability exists in Malwarebytes for Teams version 1.0.990 and earlier, which stems from a flaw in the COM interface that could lead to elevated privileges...
CVE-2021-43768
In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe...
CVE-2021-43768
In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe...
PT-2025-43621
Name of the Vulnerable Software and Affected Versions: Malwarebytes For Teams versions prior to 1.0.1003. Description: A privilege escalation can occur through the COM interface within the mbamservice.exe process. Recommendations: Update Malwarebytes For Teams to version 1.0.1003 or later...
CVE-2021-43768
In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe...
MAL-2025-48449 Malicious code in monzo-com (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 39349f1d7e9c11249daccdfa4fd66aece003c79426359c49af2c3d56c341d195 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in monzo-com (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 39349f1d7e9c11249daccdfa4fd66aece003c79426359c49af2c3d56c341d195 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-34862
Malicious code in monzo-com (npm)...