42 matches found
CVE-2026-7421
The Passeum Ticketing plugin for WordPress (all versions up to 1.0) is vulnerable to Stored XSS when the shop_name setting starts with http. The get_shop_url() method returns the raw shop_name without sufficient sanitization, and validate_shop_name() only checks for emptiness and type, allowing a...
MAL-2026-4805 Malicious code in metricflow-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a9a1c269ce5e462d7e555ce1ca34b7f2e54e3d34ea094d35a67aa7c61d1fe34e The package's exported Metricflow React component defaults serverUrl to http://51.38.65.105:21531 and, when rendered, appends a tag to document.head ...
Malicious code in fe-utils-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6181b15ad071542a35154cffc71bc4771db039f548eabfe4100271000e4e3116 The package's default-exported getPlugin function fetches https://svganchordev.net/icons/110 and passes the response's data.credits field to new...
MAL-2026-4492 Malicious code in autoheal-dev-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e0f114cd638df1be1f2262e1b05dbe726cee5600a10be6d67be8ac8e1089f3d autoheal-dev-cli is a setup wizard bin/setup.js that, when run, performs three installer-harm actions against the developer running it: 1...
EUVD-2025-209821
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
CVE-2025-11159
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
CVE-2025-11159 Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
CVE-2025-11159
Technical details such as affected product versions, root cause, and exploit information are not publicly available in the provided documents. Monitor for updates.
CVE-2025-11159
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
CVE-2025-11159 Hitachi Vantara Pentaho Data Integration & Analytics - Dependency on Vulnerable Third-Party Component
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
PT-2026-40566
Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator...
Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞
Hitachi Vantara Pentaho Data Integration and Analytics is a business intelligence dashboard designer developed by the American company Hitachi Vantara. There is a security vulnerability in Hitachi Vantara Pentaho Data Integration and Analytics, which stems from the JDBC driver of the H2 database,...
Embedded Malicious Code
Overview @velora-dex/sdk is a SDK for the Velora API Affected versions of this package are vulnerable to Embedded Malicious Code that delivers a malicious payload through dist/index.js. An attacker uploaded a compromised version of the package directly to the npm registry. The payload runs a...
GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 跨站脚本漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Enterprise Edition EE and GitLab...
EUVD-2021-27278
Malware in sbrugna...
EUVD-2021-17002
Malware in sbrugna...
Flowise vulnerable to XSS
Summary A XSScross-site scripting vulnerability is caused by insufficient filtering of input by web applications. Attackers can leverage this XSS vulnerability to inject malicious script code HTML code or client-side Javascript code into web pages, and when users browse these web pages, the...
CVE-2021-40089
An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disable...
PT-2024-31592 · Pagefind · Pagefind
Name of the Vulnerable Software and Affected Versions: Pagefind versions prior to 1.1.1 Description: A DOM Clobbering vulnerability exists in Pagefind, allowing an attacker to inject malicious HTML and escalate privileges. This occurs when an attacker can add elements to a page, such as img tags...
BIT-EJBCA-2021-40089
An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disable...