CVE-2019-25738 WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

CVE-2019-25738 WordPress Hybrid Composer 1.4.6 Unauthenticated Settings Change

WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hcajaxsaveoption action. Attackers can send POST requests to the admin-ajax.php endpoint with the action parameter set to...

Nette Framework - Remote Code Execution

Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...

GHSA-M8XX-3X29-84H8 backpack/crud is vulnerable to Cross-Site Scripting (XSS)

Impact It’s a “moderate” vulnerability… but being an admin panel, we take this seriously. It’s difficult… but an attacker could conduct a targeted phishing campaign, in order to trick your users or admins to click a malicious link, which under very specific circumstances could give them...

backpack/crud is vulnerable to Cross-Site Scripting (XSS)

Impact It’s a “moderate” vulnerability… but being an admin panel, take this seriously. It’s difficult… but an attacker could conduct a targeted phishing campaign, in order to trick your users or admins to click a malicious link, which under very specific circumstances could give them information...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

RHSA-2026:22714 Red Hat Security Advisory: osbuild-composer security update

Bulletin has no description...

RHSA-2026:22450 Red Hat Security Advisory: osbuild-composer security update

Bulletin has no description...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

tagDiv Composer < 4.2 - Stored Cross-Site Scripting

tagDiv Composer plugin versions before 4.2 for WordPress are vulnerable to unauthenticated stored XSS via the /wp-json/tdw/savecss endpoint. An attacker can inject malicious JavaScript code through the compiledcss parameter, which gets stored and executed when the CSS is loaded. id: CVE-2023-3169...

WordPress tagDiv Composer < 3.5 - Authentication Bypass

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address id:...

PT-2026-46102

Impact It’s a “moderate” vulnerability… but being an admin panel, we take this seriously. It’s difficult… but an attacker could conduct a targeted phishing campaign, in order to trick your users or admins to click a malicious link, which under very specific circumstances could give them...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

TencentOS Server 3: osbuild-composer (TSSA-2026:0387)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0387 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Fedora 43 : composer (2026-3e8172bbdb)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3e8172bbdb advisory. Version 2.9.8 - 2026-05-13 Security: Fixed GitHub token validation and disclosure GHSA-f9f8-rm49-7jv2 Tenable has extracted the preceding description block...

Fedora 44 : composer (2026-bd05cb6c4d)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bd05cb6c4d advisory. Version 2.9.8 - 2026-05-13 Security: Fixed GitHub token validation and disclosure GHSA-f9f8-rm49-7jv2 Tenable has extracted the preceding description block...

Fedora 44 : pie (2026-3d8d946f69)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3d8d946f69 advisory. Version 1.4.4 Dependencies - Update Composer to 2.9.8 ---- Version 1.4.3 - add output check for dnf permission denied thanks to @asgrim and @hackel - don't...

Fedora 43 : pie (2026-b7427db462)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b7427db462 advisory. Version 1.4.4 Dependencies - Update Composer to 2.9.8 ---- Version 1.4.3 - add output check for dnf permission denied thanks to @asgrim and @hackel - don't...

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to composer.json,"...