ThemeGrill Demo Importer < 1.6.2 - Database Reset

ThemeGrill Demo Importer before 1.6.2 does not require authentication for wiping the database due to a resetwizardactions hook. In versions 1.3.4 and above and versions 1.6.1 and below, there is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state...

web-app-pentest-altoromutual

Web Application Penetration Test — AltoroMutual demo.testfire...

libsolv-demo-0.7.38-1.1 on GA media (moderate)

libsolv-demo-0.7.38-1.1 on GA media Announcement ID: openSUSE-SU-2026:10895-1 Rating: moderate Cross-References: CVE-2026-48863 CVE-2026-9149 CVE-2026-9150 CVSS scores: CVE-2026-48863 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-48863 SUSE : 8.7...

PT-2026-45159

These are all security issues fixed in the libsolv-demo-0.7.38-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:10895-1 libsolv-demo-0.7.38-1.1 on GA media

These are all security issues fixed in the libsolv-demo-0.7.38-1.1 package on the GA media of openSUSE Tumbleweed...

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libsolv: libsolv-0.7.38-2.hum1 aarch64, x8664 libsolv-demo-0.7.38-2.hum1 aarch64, x8664 libsolv-devel-0.7.38-2.hum1 aarch64, x8664 libsolv-tools-0.7.38-2.hum1 aarch64, x8664...

Malicious code in spip-pth-demo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb61035c28fe642903fac1b2776b2593c1611831ce5553e63ef8b09a77e414c9 The package installs a suspicious-demo.pth file into site-packages via setup.py's datafiles="", "suspicious-demo.pth". Python auto-processes.pth file...

MAL-2026-4770 Malicious code in spip-pth-demo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb61035c28fe642903fac1b2776b2593c1611831ce5553e63ef8b09a77e414c9 The package installs a suspicious-demo.pth file into site-packages via setup.py's datafiles="", "suspicious-demo.pth". Python auto-processes.pth file...

Malicious code in moneykit-cardano-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6186e5ec8b6cea4f1cec3b4284cf09f2e317dd7d745fb5f88e15b355497d08e package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identifiers and OS files —...

Malicious code in nw-demo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e3ff057a42800ad78024ac1c48e0d6fbf9c828eb828a41e6737c32b6174ce8c Package is published publicly on npm at version 100.20.33 — a version-number shape used in dependency-confusion attacks to outrank private internal...

EUVD-2026-31033

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

CVE-2026-6394

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

CVE-2026-6394 Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

CVE-2026-6394 Nexa Blocks <= 1.1.1 - Unauthenticated Blind Server-Side Request Forgery via 'demo_json_file' Parameter

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

PT-2026-42060

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the import demo function accepting a user-supplied URL in the demo json file POST parameter and...

From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat

Cisco Talos has uncovered a BadIIS variant -- identifiable by its embedded "demo.pdb" strings -- that functions as commodity malware. This variant is likely sold or shared among multiple Chinese-speaking cybercrime groups that operate under a malware-as-a-service MaaS model for continuous...

@drop-in-gaming/core (=0.1.7), demo-message (=1.0.0) +16 more potentially affected by unknown CVE via canvas-nest.js (>=2.0.3 <=2.0.4)

canvas-nest.js NPM version =2.0.3, =1.0.3, =1.0.0, =1.0.0, =1.0.18, =0.6.32, =0.4.17, =0.0.1, =1.0.0, =1.0.2 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4131...

@antv/lite-insight (>=2.1.0 <=2.1.1), @antv/narrative-text-editor (>=0.1.1 <=0.2.20) +3 more potentially affected by unknown CVE via @antv/narrative-text-schema (>=0.1.5 <=0.3.7)

@antv/narrative-text-schema NPM version =0.1.5, =2.1.0, =0.1.1, =0.1.6, =2.0.0, =0.1.0-alpha.16, =0.1.0-alpha.22 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4073...

@antv/narrative-text-vis (>=0.1.6 <=0.2.5), antv-site-demo-rc (>=0.1.0-alpha.16 <=0.1.0-alpha.22) potentially affected by unknown CVE via @antv/word-scale-chart (>=0.1.1 <=0.3.4)

@antv/word-scale-chart NPM version =0.1.1, =0.1.6, =0.1.0-alpha.16, =0.1.0-alpha.22 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4096...

Exploit for CVE-2024-34070

Exploit for CVE-2024-34070 Credit to froxlor for the vuln dis...