234 matches found
California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner
A 31-year-old engineer and self-described indie game developer is suspected of firing shots at the annual event attended by President Donald Trump, high-profile media figures, and US government officials...
RLSA-2026:0756 Moderate: transfig security update
The transfig utility creates a makefile which translates FIG created by xfig or PIC figures into a specified LaTeX graphics language for example, PostScriptTM. Transfig is used to create TeX documents which are portable i.e., they can be printed in a wide variety of environments. Install transfig...
CVE-2025-14792
The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kffieldfiguredefaultcolorrender function in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14792
The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kffieldfiguredefaultcolorrender function in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14792
CVE-2025-14792: Key Figures (WordPress) plugin vulnerable to Stored XSS via kf_field_figure_default_color_render in all versions up to 1.1; affects multisite and sites with unfiltered_html disabled. Exploitation requires authenticated admin-level access; payloads execute when users visit the inje...
CVE-2025-14792 Key Figures <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render
The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kffieldfiguredefaultcolorrender function in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14792 Key Figures <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render
The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kffieldfiguredefaultcolorrender function in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-1580
Name of the Vulnerable Software and Affected Versions Key Figures plugin for WordPress versions prior to 1.2 Description The Key Figures plugin for WordPress is susceptible to Stored Cross-Site Scripting through the kf field figure default color render function. Insufficient input sanitization an...
WordPress plugin Key Figures 安全漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL-based servers. A security...
WordPress Key Figures plugin <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render vulnerability
Authenticated Admin+ Stored Cross-Site Scripting via kffieldfiguredefaultcolorrender vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Key Figures versions = 1.1...
EUVD-2025-176239
Malicious code in sqlite-telesto-commitlint-figures npm...
MAL-2025-188707 Malicious code in pino-pretty-prettier-sequelize-figures (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e3bde5720db4c2110dd2e282776b87cae97883f7ed7cd03ed524b7a0c027d9e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178912
Malicious code in figures-proxima-sedna-envconfig npm...
EUVD-2025-179365
Malicious code in deimos-koa-build-figures npm...
EUVD-2025-177024
Malicious code in procyon-yaml-figures-toml npm...
EUVD-2025-175981
Malicious code in testcafe-chalk-magellan-figures npm...
EUVD-2025-178917
Malicious code in figures-elara-lithosphere-cosmicsilence npm...
EUVD-2025-178555
Malicious code in helmet-release-it-enceladus-figures npm...
MAL-2025-189894 Malicious code in testcafe-chalk-magellan-figures (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0defc1c288c0f0de3ca469123bec775b3116760a84b9dde2403275871040b7d5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178918
Malicious code in figures-duplex-magnetar-await npm...