37 matches found
Smarter Saboteurs, Better Fixers: Scaling and Security in Linear Multi-Agent Workflows
As LLM-based multi-agent systems MAS are deployed in the wild, the resilience of their collaboration structures against adversarial compromise becomes a critical safety concern. Attackers may leverage prompt-injection or jailbreaking to sabotage individual agents within MAS workflows, but the...
Hardening Agent Benchmarks with Adversarial Hacker-Fixer Loops
Agent benchmarks score submissions with outcome verifiers that are typically hand-written and brittle, leaving them open to reward hacking. We audit 1,968 tasks across five terminal-agent benchmarks and find 323 16% hackable by frontier models given only the task description. This corrupts both...
CVE-2025-14845 NS IE Compatibility Fixer <= 2.1.5 - Cross-Site Request Forgery to Plugin Settings Update
The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to, and including, 2.1.5. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin'...
WordPress plugin NS IE Compatibility Fixer 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site reques...
PT-2026-1567
Name of the Vulnerable Software and Affected Versions NS IE Compatibility Fixer plugin for WordPress versions through 2.1.5 Description The software is susceptible to Cross-Site Request Forgery CSRF due to the absence of nonce validation on the settings update functionality. This allows attackers...
WordPress NS IE Compatibility Fixer plugin <= 2.1.5 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin NS Ie Compatibility Fixer versions = 2.1.5...
EUVD-2025-41740
Malicious code in phantom-fixer npm...
Malicious code in phantom-fixer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12a29d0b7233f4c6d8534448b0202eaddc448817008782120ede8110b31b010d The package phantom-fixer was found to contain malicious code. Source: ghsa-malware 08b29349698428ef5ef1924bece07e739b2c0dc4ee6be172dba838e6c5e4dabd...
Malicious Package
Overview phantom-fixer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-50728 Malicious code in phantom-fixer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12a29d0b7233f4c6d8534448b0202eaddc448817008782120ede8110b31b010d The package phantom-fixer was found to contain malicious code. Source: ghsa-malware 08b29349698428ef5ef1924bece07e739b2c0dc4ee6be172dba838e6c5e4dabd...
CVE-2021-26275
The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted...
CVE-2025-0809
The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via broken links in all versions up to, and including, 3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CVE-2025-0809
CVE-2025-0809 covers the WordPress plugin Link Fixer (permalink-finder) with a Stored Cross-Site Scripting (XSS) vulnerability reported for versions up to and including 3.4. The root cause is described as insufficient input sanitization and output escaping, enabling unauthenticated attackers to i...
CVE-2025-0809 Link Fixer <= 3.4 - Unauthenticated Stored Cross-Site Scripting
The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via broken links in all versions up to, and including, 3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CVE-2025-0809 Link Fixer <= 3.4 - Unauthenticated Stored Cross-Site Scripting
The Link Fixer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via broken links in all versions up to, and including, 3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
PT-2025-4063 · WordPress · Link Fixer
Name of the Vulnerable Software and Affected Versions: The Link Fixer plugin for WordPress versions up to, and including, 3.4 Description: The issue is related to Stored Cross-Site Scripting via broken links due to insufficient input sanitization and output escaping. This allows unauthenticated...
WordPress plugin Link Fixer 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Link Fixer plugin <= 3.4 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by omstaendlig in WordPress Plugin Link Fixer versions = 3.4...
eu.europa.ec.joinup.sd-dss:dss-cookbook (=6.0), eu.europa.ec.joinup.sd-dss:dss-jacoco-coverage (=6.0) +7 more potentially affected by CVE-2024-28109 via org.verapdf:core-jakarta (=1.24.1)
org.verapdf:core-jakarta MAVEN version =1.24.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.verapdf:core-jakarta and may be impacted: - eu.europa.ec.joinup.sd-dss:dss-cookbook =6.0 - eu.europa.ec.joinup.sd-dss:dss-jacoco-coverage =6.0 -...
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094 XZ-Utils Vulnerability Checker and Fixer Th...