4108 matches found
WordPress plugin ProfileGrid – User Profiles, Groups and Communities 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Malicious code in express-groups-routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d54e03ffa96877bc24a447c0a77e5c096894fd82176e5705d62713eb5f20f10 The package express-groups-routes was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview express-groups-routes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-722 Malicious code in express-groups-routes (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5d54e03ffa96877bc24a447c0a77e5c096894fd82176e5705d62713eb5f20f10 The package express-groups-routes was found to contain malicious code. Source: ghsa-malware...
📄 Blesta 5.13.1 Admin Interface PHP Object Injection
Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...
CVE-2019-25265
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...
CVE-2019-25265 Online Inventory Manager 3.2 - Persistent Cross-Site Scripting
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...
CVE-2019-25265
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...
EUVD-2019-19380
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...
CVE-2019-25265 Online Inventory Manager 3.2 - Persistent Cross-Site Scripting
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...
CVE-2019-25265
CVE-2019-25265 affects Online Inventory Manager 3.2, with a stored cross-site scripting flaw in the group description field of the admin Edit Groups page. The vulnerability allows injecting JavaScript that executes when the groups page is viewed, potentially enabling cookie theft and client-side ...
MAL-2026-656 Malicious code in jshint-groups (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cf7ad9a58a15b025d84def4a32761ec77338fbcda7ef3ae459602eacfaf4595 The package jshint-groups was found to contain malicious code. Source: ghsa-malware fe1d6fde4a749fdb784071c856d26761b12fdceffae0020f2492a4a845eb04f4...
Malicious code in jshint-groups (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cf7ad9a58a15b025d84def4a32761ec77338fbcda7ef3ae459602eacfaf4595 The package jshint-groups was found to contain malicious code. Source: ghsa-malware fe1d6fde4a749fdb784071c856d26761b12fdceffae0020f2492a4a845eb04f4...
Malicious Package
Overview jshint-groups is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
PT-2026-5801
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie...
WordPress Himer theme < 2.1.1 - Subscriber+ Private Group Joining via IDOR vulnerability
Subscriber+ Private Group Joining via IDOR vulnerability discovered by Sushmita Poudel in WordPress Theme Himer versions 2.1.1...
Google Disrupts IPIDEA — One of the World's Largest Residential Proxy Networks
Google on Wednesday announced that it worked together with other partners to disrupt IPIDEA, which it described as one of the largest residential proxy networks in the world. To that end, the company said it took legal action to take down dozens of domains used to control devices and proxy traffi...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005106)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005106 advisory. In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate Triggers which have trigger...
python-protobuf: Unbounded recursion in Python Protobuf
A flaw was found in the python protobuf package which can result in a denial of service. Applications that parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages, or a series of SGROUP tags can be corrupted by exceeding the Python recursion...
PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups
PeckBirdy is a sophisticated JScript-based C&C framework used by China-aligned APT groups to exploit LOLBins across multiple environments, delivering advanced backdoors to target gambling industries and Asian government entities...