
15 matches found

Snyk
added 2026/04/02 9:0 p.m. · 0 views

Malicious Package

Overview: strapi-plugin-content-sync is a malicious package. This package contains malicious code that conceals a command-and-control agent and credential harvester. A malicious actor published a coordinated campaign of thirty-six packages disguised as community Strapi CMS plugins. These packages...

9.8 CVSS · 6 AI score
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-16014

Malicious code in bioql PyPI...

3.1 CVSS · 6.6 AI score · 0.00127 EPSS
Exploits 0 · References 2
NVD
added 2025/09/27 7:15 a.m. · 2 views

CVE-2025-9894

The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsfcronjobfunc function. This makes it possible for unauthenticated attackers to trigger content synchronizati...

4.3 CVSS · 0.00014 EPSS
Exploits 0 · References 2
NVD
added 2025/05/21 5:15 p.m. · 13 views

CVE-2025-48009

Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse. This issue affects Single Content Sync: from 0.0.0 before 1.4.12...

3.1 CVSS · 0.00127 EPSS
Exploits 0 · References 1
OSV
added 2025/05/21 5:15 p.m. · 2 views

CVE-2025-48009

Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse. This issue affects Single Content Sync: from 0.0.0 before 1.4.12...

3.1 CVSS · 5.8 AI score
Exploits 0 · References 1
Cvelist
added 2025/05/21 4:22 p.m. · 10 views

CVE-2025-48009 Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060

Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse. This issue affects Single Content Sync: from 0.0.0 before 1.4.12...

0.00127 EPSS
Exploits 0 · References 1
Vulnrichment
added 2025/05/21 4:22 p.m. · 5 views

CVE-2025-48009 Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060

Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse. This issue affects Single Content Sync: from 0.0.0 before 1.4.12...

4 AI score · 0.00127 EPSS
Exploits 0 · References 1
CVE
added 2025/05/21 4:22 p.m. · 46 views

CVE-2025-48009

CVE-2025-48009 affects Drupal Single Content Sync (versions 0.0.0 through 1.4.11). The issue is a Missing Authorization vulnerability that enables functionality misuse (access bypass) due to insufficient authorization checks. Evidence from multiple sources (CVE record, CVE listing, and vendor adv...

3.1 CVSS · 4 AI score · 0.00127 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/05/21 12:0 a.m. · 1 views

Drupal Single Content Sync Security Vulnerability

Drupal Single Content Sync is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in the Drupal plugin Single Content Sync prior to version 1.4.12, which stems from a lack of authorization and could lead to feature abuse...

3.1 CVSS · 6.6 AI score · 0.00127 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/05/21 12:0 a.m. · 2 views

PT-2025-22387 · Drupal · Drupal Single Content Sync

Name of the Vulnerable Software and Affected Versions: Drupal Single Content Sync versions 0.0.0 through 1.4.11 Description: The issue is related to a Missing Authorization vulnerability in Drupal Single Content Sync, which allows functionality misuse. Recommendations: For versions 0.0.0 through...

3.1 CVSS · 6.4 AI score · 0.00127 EPSS
Exploits 0 · References 4
Patchstack
added 2025/05/14 12:0 a.m. · 3 views

Drupal Single Content Sync module < 1.4.12 - Authenticated Broken Access Control vulnerability

Authenticated Broken Access Control vulnerability discovered by Dezső Biczó mxr576 in WordPress Module Single Content Sync versions 1.4.12...

3.1 CVSS · 7 AI score · 0.00127 EPSS
Exploits 0 · References 1 · Affected Software 1
Drupal
added 2025/05/14 12:0 a.m. · 9 views

Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060

This module enables you to seamlessly migrate and deploy content across environments, eliminating manual steps. It simplifies the process by exporting content to a YML file or a ZIP archive, which can be imported into another environment effortlessly. While the export feature rightfully bypasses...

3.1 CVSS · 6.6 AI score · 0.00127 EPSS
Exploits 0 · References 2
vulnersOsv
added 2022/05/13 1:10 a.m. · 3 views

com.activecq.tools.quickimage:core (=1.0.0), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.5.0 <=6.4.4) +19 more potentially affected by CVE-2015-2944 via org.apache.sling:org.apache.sling.servlets.post (>=2.0.4-incubator <=2.1.0)

org.apache.sling:org.apache.sling.servlets.post MAVEN version =2.0.4-incubator, =5.5.0, =5.5.0, =5.3.0, =5.3.0, =5.4.0, =1.0.8, =1.0.12, =1.0.6, =5.5.0, =5.6.2, =5.4.0, =5.6.8 and more Source cves: CVE-2015-2944 Source advisory: OSV:GHSA-RXVX-44W5-44R7...

4.3 CVSS · 5.8 AI score · 0.02866 EPSS
Exploits 1
RedHat Linux
added 2022/03/08 9:28 p.m. · 410 views

Low: Red Hat Security Advisory: Satellite 6.10.3 Async Bug Fix Update

Updated Satellite 6.10 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clie...

5.5 CVSS · 6.2 AI score · 0.00118 EPSS
Exploits 0 · References 27
Oracle linux
added 2021/08/12 12:0 a.m. · 79 views

389-ds:1.4 security and bug fix update

1.4.3.16-19 - Bump version to 1.4.3.16-19 - Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync-plugin 1.4.3.16-18 - Bump version to 1.4.3.16-18 - Resolve: Bug 1983121 - CRYPT password hash with asterisk allows any bind attempt to succeed...

6.5 CVSS · 2.3 AI score · 0.00118 EPSS
Exploits 0