MAL-2025-4821 Malicious code in csvtool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8d9b3cadfd970dcf2392be22191a804e0b036f926807ed006b53d1542fb4ffc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-26590

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nir Complete Google Seo Scan complete-google-seo-scan allows SQL Injection.This issue affects Complete Google Seo Scan: from n/a through = 3.5.1...

CVE-2025-26590

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nir Complete Google Seo Scan complete-google-seo-scan allows SQL Injection.This issue affects Complete Google Seo Scan: from n/a through = 3.5.1...

CVE-2025-26590

CVE-2025-26590 relates to the Complete Google Seo Scan WordPress plugin. Connected sources confirm a SQL Injection vulnerability affecting “Complete Google Seo Scan” versions up to 3.5.1. The Wordfence entry explicitly classifies this as an Authenticated (Administrator+) SQL Injection and notes t...

CVE-2025-26590 WordPress Complete Google Seo Scan plugin <= 3.5.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nir Complete Google Seo Scan complete-google-seo-scan allows SQL Injection.This issue affects Complete Google Seo Scan: from n/a through = 3.5.1...

PT-2025-24117 · Unknown · Nir Complete Google Seo Scan

Name of the Vulnerable Software and Affected Versions: Nir Complete Google Seo Scan versions 3.5.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

WordPress plugin Complete Google Seo Scan SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

net.aequologica.neo:geppaequo-tags (>=0.5.3 <=0.6.0), net.aequologica.neo:geppaequo-web (>=0.5.3 <=0.6.0) +4 more potentially affected by CVE-2025-2336 via org.webjars.npm:angular-sanitize (>=1.5.0-beta.0 <=1.8.3)

org.webjars.npm:angular-sanitize MAVEN version =1.5.0-beta.0, =0.5.3, =0.5.3, =0.6.0 - org.webjars.npm:angular-auto-complete =1.7.4 - org.webjars.npm:angular-material-calendar =0.2.14 - org.webjars.npm:angular-schema-form =0.8.13 - org.webjars.npm:github-com-showdownjs-ng-showdown =1.1.0 Source...

The vulnerability of the mlx5e_txwqe_complete() function in the drivers/net/ethernet/mellanox/mlx5/core/en_tx.c file of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the mlx5etxwqecomplete function in the drivers/net/ethernet/mellanox/mlx5/core/entx.c file of the Linux kernel is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a system failure...

The vulnerability of the virtio-scsi, virtio-blk, and virtio-crypt components of the QEMU hardware emulation driver’s virtqueue_push() function allows a attacker to disclose sensitive information.

The vulnerability of the virtio-scsi, virtio-blk, and virtio-crypt components of the QEMU hardware emulation driver’s virtqueuepush function is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker to disclose protected information through the...

Robust and Verifiable MPC with Applications to Linear Machine Learning Inference

In this work, we present an efficient secure multi-party computation MPC protocol that provides strong security guarantees in settings with dishonest majority of participants who may behave arbitrarily. Unlike the popular MPC implementation known as SPDZ Crypto '12, which only ensures security wi...

UBUNTU-CVE-2025-37995

In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobjectput is safe for module type kobjects In 'lookuporcreatemodulekobject', an internal kobject is created using 'modulektype'. So call to 'kobjectput' on error handling path causes an attempt to use an...

Malicious code in mxc-jsbridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a080d6fa2cab7be94e152a7b621f7fd9d0ce62e7a726343e61bfbdf9e676e427 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-9119

The SVG Complete plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, t...

CVE-2024-34988

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" askforaquotemodul = 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods AskforaquotemodulcustomernewquoteModuleFrontController::ru...

CVE-2024-33407

SQL injection vulnerability in /model/deleterecord.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the id parameter...

CVE-2024-33404

A SQL injection vulnerability in /model/addstudentfirstpayment.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the index parameter...

CVE-2024-45260

An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unauthorized groups can invoke any interface of the device, thereby gaining complete control over it...

CVE-2023-26866

GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover...

CVE-2023-23788

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Florin Arjocu Custom More Link Complete plugin = 1.4.1 versions...