528 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 1 view

Malicious code in test-mlw2-duply-hover (npm)

The package test-mlw2-duply-hover was found to contain malicious code...

AI score: 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. · 1 view

MAL-2025-35252 Malicious code in test-mlw2-duply-hover (npm)

The package test-mlw2-duply-hover was found to contain malicious code...

AI score: 7.2
Exploits: 0

OSV
added 2025/08/14 3:30 p.m. · 2 views

GHSA-FJ97-2V9X-W5M4 Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

CVSS: 5.3 · AI score: 6 · EPSS: 0.0008
Exploits: 0 · References: 4

Github Security Blog
added 2025/08/14 3:30 p.m. · 9 views

Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

CVSS: 5.4 · AI score: 6 · EPSS: 0.0008
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2025/08/14 2:15 p.m. · 3 views

CVE-2025-55672

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

CVSS: 5.4 · AI score: 6
Exploits: 0 · References: 2

NVD
added 2025/08/14 2:15 p.m. · 3 views

CVE-2025-55672

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

CVSS: 5.4 · EPSS: 0.0008
Exploits: 0 · References: 2

CVE
added 2025/08/14 1:17 p.m. · 27 views

CVE-2025-55672

Summary: Apache Superset has a stored XSS in the chart visualization. An authenticated user with chart-edit permissions can inject a payload into a column label, which is executed in victims’ browsers on hover. This affects versions before 5.0.0 and can lead to session hijacking or arbitrary comm...

CVSS: 5.4 · AI score: 6 · EPSS: 0.0008
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2025/08/14 1:17 p.m. · 4 views

CVE-2025-55672 Apache Superset: Stored XSS on charts metadata

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

CVSS: 5.3 · EPSS: 0.0008
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/14 1:17 p.m. · 2 views

CVE-2025-55672 Apache Superset: Stored XSS on charts metadata

A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

CVSS: 5.3 · AI score: 6 · EPSS: 0.0008
Exploits: 0 · References: 1

Hacker One
added 2025/07/16 8:50 a.m. · 10 views

Tucows (VDP): Business Logic Error – Bypass of OTP Verification During Signup on hover.com

The Business Logic Error – Bypass of OTP Verification During Signup on hover.com was a vulnerability that allowed an attacker to register an account on www.hover.com using any email address without passing the required OTP verification. The vulnerability was caused by the ability to omit the code...

AI score: 7.1
Exploits: 0

RedhatCVE
added 2025/06/29 2:26 p.m. · 5 views

CVE-2025-53258

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects hover-effects allows SQL Injection. This issue affects Hover Effects: from n/a through <= 2.1.2...

CVSS: 7.6 · AI score: 5.9 · EPSS: 0.00213
Exploits: 0 · References: 1

OSV
added 2025/06/28 4:15 a.m. · 2 views

CVE-2025-6350

The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hotspot-hover’ parameter in all versions up to, and including, 8.5.32 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS: 5.4 · AI score: 5.9 · EPSS: 0.00122
Exploits: 0 · References: 3

CNNVD
added 2025/06/28 12:0 a.m. · 2 views

WordPress plugin WP VR cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripti...

CVSS: 6.4 · AI score: 5.9 · EPSS: 0.00122
Exploits: 0 · References: 4

NVD
added 2025/06/27 2:15 p.m. · 3 views

CVE-2025-53258

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects hover-effects allows SQL Injection. This issue affects Hover Effects: from n/a through <= 2.1.2...

CVSS: 7.6 · EPSS: 0.00213
Exploits: 0 · References: 1

CVE
added 2025/06/27 1:21 p.m. · 15 views

CVE-2025-53258

CVE-2025-53258 describes an SQL Injection vulnerability in the WordPress plugin Hover Effects (hover-effects) that allows exploitation due to improper neutralization of inputs. Affected versions are listed as Hover Effects

CVSS: 7.6 · AI score: 5.9 · EPSS: 0.00213
Exploits: 0 · References: 1

Vulnrichment
added 2025/06/27 1:21 p.m. · 3 views

CVE-2025-53258 WordPress Hover Effects plugin <= 2.1.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects hover-effects allows SQL Injection. This issue affects Hover Effects: from n/a through 2.1.2...

CVSS: 7.6 · AI score: 7 · EPSS: 0.00213
Exploits: 0 · References: 1

Cvelist
added 2025/06/27 1:21 p.m. · 9 views

CVE-2025-53258 WordPress Hover Effects plugin <= 2.1.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wow-Company Hover Effects hover-effects allows SQL Injection. This issue affects Hover Effects: from n/a through <= 2.1.2...

CVSS: 7.6 · EPSS: 0.00213
Exploits: 0 · References: 1

CNNVD
added 2025/06/27 12:0 a.m. · 1 view

WordPress plugin Hover Effects SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS: 7.6 · AI score: 7.7 · EPSS: 0.00213
Exploits: 0 · References: 2

Positive Technologies
added 2025/06/27 12:0 a.m. · 2 views

PT-2025-27165 · Wow Company · Hover Effects

Name of the Vulnerable Software and Affected Versions: Wow-Company Hover Effects versions n/a through 2.1.2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVSS: 7.6 · AI score: 7.8 · EPSS: 0.00213
Exploits: 0 · References: 4

RedhatCVE
added 2025/06/08 1:18 p.m. · 4 views

CVE-2025-31025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects Block image-hover-effects-block allows Stored XSS. This issue affects Image Hover Effects Block: from n/a through <= 1.4.5...

CVSS: 6.5 · AI score: 5.9 · EPSS: 0.00143
Exploits: 0 · References: 1