MAL-2025-15290 Malicious code in babel-plugin-mail-transform-inline-imports-commonjs (npm)
The package babel-plugin-mail-transform-inline-imports-commonjs was found to contain malicious code...
Malicious code in handlebars-inline-precompile (npm)
The package handlebars-inline-precompile was found to contain malicious code...
Malicious code in babel-plugin-mail-transform-inline-imports-commonjs (npm)
The package babel-plugin-mail-transform-inline-imports-commonjs was found to contain malicious code...
MAL-2025-22172 Malicious code in handlebars-inline-precompile (npm)
The package handlebars-inline-precompile was found to contain malicious code...
CVE-2025-55674
A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...
CVE-2025-55674 Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions
A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leadi...
CVE-2025-55674
CVE-2025-55674 affects Apache Superset up to version 5.0.0. The issue is a bypass of the DISALLOWED_SQL_FUNCTIONS denylist, allowing a user with SQL Lab access to execute blocked SQL functions and disclose sensitive information (e.g., software version). The publicly stated remediation is to upgra...
CVE-2025-8688
The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-8688 Inline Stock Quotes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock Shortcode
The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin Inline Stock Quotes cross-site scripting vulnerability
WordPress Inline Stock Quotes plugin is a WordPress plugin that allows users to dynamically insert stock quote information into a post or page via the stock shortcode, supporting real-time updates of stock quotes and dynamic data. WordPress Inline Stock Quotes plugin suffers from a cross-site...
PT-2025-32621 · WordPress · Inline Stock Quotes
Name of the Vulnerable Software and Affected Versions: Inline Stock Quotes plugin for WordPress versions up to and including 0.2 Description: The Inline Stock Quotes plugin for WordPress is susceptible to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on...
WordPress Inline Stock Quotes plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via stock Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin Inline Stock Quotes versions <= 0.2...
Linux Distros Unpatched Vulnerability : CVE-2022-49739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gfs2: Always check inode size of inline inodes Check if the inode size of stuffed inline inodes is within the allowed range when reading inodes from disk...
Linux Distros Unpatched Vulnerability : CVE-2024-42266
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: btrfs: make cow_file_range_inline() honor locked_page on error The btrfs buffered write path runs...
ext4: inline: fix len overflow in ext4_prepare_inline_data
...
Linux Distros Unpatched Vulnerability : CVE-2024-0747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...
Linux Distros Unpatched Vulnerability : CVE-2021-47460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 fs: Don't...
Linux Distros Unpatched Vulnerability : CVE-2021-29988
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitab...
SUSE CVE-2025-38405
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128 slab or more precisely bio->bi_integrity. Since commit bf4c89fc8797 "block: don't call bio_uninit from...