234 matches found
California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner
A 31-year-old engineer and self-described indie game developer is suspected of firing shots at the annual event attended by President Donald Trump, high-profile media figures, and US government officials...
RLSA-2026:0756 Moderate: transfig security update
The transfig utility creates a makefile which translates FIG created by xfig or PIC figures into a specified LaTeX graphics language for example, PostScriptTM. Transfig is used to create TeX documents which are portable i.e., they can be printed in a wide variety of environments. Install transfig...
CVE-2025-14792
The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kffieldfiguredefaultcolorrender function in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14792
The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kffieldfiguredefaultcolorrender function in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14792 Key Figures <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render
The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kffieldfiguredefaultcolorrender function in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14792 Key Figures <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render
The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kffieldfiguredefaultcolorrender function in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14792
CVE-2025-14792: Key Figures (WordPress) plugin vulnerable to Stored XSS via kf_field_figure_default_color_render in all versions up to 1.1; affects multisite and sites with unfiltered_html disabled. Exploitation requires authenticated admin-level access; payloads execute when users visit the inje...
WordPress plugin Key Figures 安全漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL-based servers. A security...
PT-2026-1580
Name of the Vulnerable Software and Affected Versions Key Figures plugin for WordPress versions prior to 1.2 Description The Key Figures plugin for WordPress is susceptible to Stored Cross-Site Scripting through the kf field figure default color render function. Insufficient input sanitization an...
WordPress Key Figures plugin <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render vulnerability
Authenticated Admin+ Stored Cross-Site Scripting via kffieldfiguredefaultcolorrender vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Key Figures versions = 1.1...
MAL-2025-186803 Malicious code in eridanus-antimatter-figures-dotenv-safe (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc9f078e333a05d5703ffb66d84694f1b93317ddb74c0ff6cd1be5c855ec5899 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178799
Malicious code in gacrux-figures-postcss-fornax npm...
EUVD-2025-178914
Malicious code in figures-middleware-proxima-jabbah npm...
Malicious code in init-venus-sync-figures (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41b6e40d812a9363fa5f719d89f8033b005cc387fbeadb50dac11ca6fcd9ba44 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178918
Malicious code in figures-duplex-magnetar-await npm...
EUVD-2025-177333
Malicious code in panspermia-seismology-yildun-figures npm...
EUVD-2025-176708
Malicious code in release-it-nova-orbit-figures npm...
EUVD-2025-178440
Malicious code in impulse-dependencies-spinner-figures npm...
EUVD-2025-178920
Malicious code in figures-betelgeuse-ethology-magellan npm...
EUVD-2025-178919
Malicious code in figures-duplex-halley-vuetify npm...