CVE-2026-2284 News Element Elementor Blog Magazine <= 1.0.8 - Missing Authorization to Authenticated (Subscriber+) Data Loss

The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'necleandata' AJAX action. This makes it possible for authenticated attackers,...

PT-2026-20640

The News Element Elementor Blog Magazine plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.8. This is due to a missing capability check and nonce verification on the 'ne clean data' AJAX action. This makes it possible for authenticated attackers...

CVE-2025-14351

The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCFGoogleFontsCompatibility' class constructor function in all versions up to, and including, 2.1.16. This makes it possible for unauthenticated...

MAL-2025-191470 Malicious code in org.mvnpm:posthog-node (Maven)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ea90a5928d7667bed4fa9f6effbbe6c8d3ad6521ca51ca2b01551bc02373a7d2 This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and...

Malicious code in @voiceflow/dependency-cruiser-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f310f0649a09ab3e8f8ca155d2067e1f39ad9ac40a987851fd0dd352ffc268fe The package @voiceflow/dependency-cruiser-config was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191275 Malicious code in @oku-ui/switch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 740a6698034fbce630b1da1ce44728782b3f71faffd3ee2801c45b6a3f9e6f7e The package @oku-ui/switch was found to contain malicious code. Source: google-open-source-security...

Malicious code in @fishingbooker/react-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90a19dbfbd7292340e4857d9c40d537185efb1402a471df4b8346b4ae3575d3f The package @fishingbooker/react-loader was found to contain malicious code. Source: ghsa-malware...

CVE-2022-45155 obs-service-go_modules: arbitrary directory delete

An Improper Handling of Exceptional Conditions vulnerability in obs-service-gomodules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-gomodules versio...

CVE-2022-45155 obs-service-go_modules: arbitrary directory delete

An Improper Handling of Exceptional Conditions vulnerability in obs-service-gomodules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-gomodules versio...

CVE-2020-4214

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026...

CVE-2020-4214

CVE-2020-4214 affects IBM Spectrum Protect Plus 10.1.0–10.1.5. It is caused by improper validation of user-supplied input, allowing a remote attacker to remotely delete directories. The IBM bulletin lists the affected product, versions, and impact (arbitrary directory deletion). Remediation: appl...

CVE-2020-4214

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input. IBM X-Force ID: 175026...

Design/Logic Flaw

The web-restore interface in Avamar Data Store ADS and Avamar Virtual Edition AVE in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation...