PT-2025-45310

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for WPBakery thegem-elements.This issue affects TheGem Theme Elements for WPBakery: from n/a through = 5.10.5.1...

WordPress K Elements plugin cross-site scripting vulnerability

WordPress K Elements plugin is an extension to the Elementor page builder that provides preset templates, advanced widgets, and customization features to help users quickly create responsive websites. A cross-site scripting vulnerability exists in WordPress K Elements plugin, which stems from the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989112)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989112 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: don't skip expired elements during walk There is an asymmetry between...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990067)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990067 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: don't skip expired elements during walk There is an asymmetry between...

CVE-2025-64362

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS.This issue affects K Elements: from n/a through 5.5.0...

EUVD-2025-37331

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS.This issue affects K Elements: from n/a through 5.5.0...

CVE-2025-64362

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS.This issue affects K Elements: from n/a through 5.5.0...

CVE-2025-64362 WordPress K Elements plugin < 5.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS.This issue affects K Elements: from n/a through 5.5.0...

CVE-2025-64362 WordPress K Elements plugin < 5.5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS.This issue affects K Elements: from n/a through 5.5.0...

CVE-2025-64362

The CVE-2025-64362 entry maps to a DOM-based Cross-Site Scripting (XSS) in the WordPress plugin K Elements (SeventhQueen K Elements) prior to version 5.5.0. Multiple connected sources describe a flaw arising from improper input handling during web page generation, allowing arbitrary script execut...

PT-2025-44613

Name of the Vulnerable Software and Affected Versions SeventhQueen K Elements versions prior to 5.5.0 Description The software contains a flaw related to improper input handling during web page generation, specifically a DOM-Based Cross-Site Scripting XSS issue. This allows for the execution of...

WordPress Plugin K Elements 安全漏洞

WordPress K Elements plugin is an extension to the Elementor page builder that provides preset templates, advanced widgets, and customization features to help users quickly create responsive websites. A cross-site scripting vulnerability exists in WordPress K Elements plugin, which stems from the...

CLSA-2025-1761859779 libxml2: Fix of 2 CVEs

CVE-2024-56171: fix use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c - CVE-2025-24928: fix stack-based buffer overflow in xmlSnprintfElements in valid.c...

WordPress K Elements plugin < 5.5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin K Elements versions 5.5.0...

Malicious Package

Overview transform-react-constant-elements is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

Malicious code in transform-react-constant-elements (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d582d56f1f42a97702c2557fbfdcc90613da53d18adf5494b4f18c555c04398 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-36853

Malicious code in transform-react-constant-elements npm...

EUVD-2023-60038

The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract...

libxml: Type confusion leads to Denial of service (DoS)

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined...

Aksis Netty ERP SQL注入漏洞

Aksis Netty ERP is an enterprise resource planning software from Aksis Turkey. An SQL injection vulnerability exists in Aksis Netty ERP versions prior to V.1.1000, which stems from improper neutralization of special elements and can lead to SQL injection attacks...