2402 matches found

OSV
added 2025/08/14 6:52 p.m. (1 view)

MAL-2025-39904 Malicious code in xo-jquery-mask-plugin (npm)

The package xo-jquery-mask-plugin was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security f59460b8ba9281b320efd1888070928d3c31f86dd0770c7fe38d1f2eecc1e66b This package installs a dependency hosted on a custom domain that...

6.9 AI score
Exploits 0, References 1
Tenable Nessus
added 2025/08/08 12:0 a.m. (3 views)

Linux Distros Unpatched Vulnerability : CVE-2015-7943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module...

6.1 CVSS, 6.6 AI score, 0.00674 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/08/06 12:0 a.m. (3 views)

Linux Distros Unpatched Vulnerability : CVE-2020-25814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss...

6.1 CVSS, 6.7 AI score, 0.00336 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/08/05 12:0 a.m. (2 views)

Linux Distros Unpatched Vulnerability : CVE-2017-6929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it...

6.1 CVSS, 6.2 AI score, 0.00603 EPSS
Exploits 0, References 2
SUSE CVE
added 2025/07/30 11:39 p.m. (1 view)

SUSE CVE-2022-31160

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...

6.1 CVSS, 7.7 AI score, 0.07763 EPSS
Exploits 1, References 3
OSSF Malicious Packages
added 2025/07/24 3:59 p.m. (2 views)

Malicious code in jquery-tools (npm)

The package communicates with a domain associated with malicious activity...

7 AI score
Exploits 0
OSV
added 2025/07/24 3:59 p.m. (0 views)

MAL-2025-6288 Malicious code in jquery-tools (npm)

The package communicates with a domain associated with malicious activity...

7.1 AI score
Exploits 0
CNNVD
added 2025/07/19 12:0 a.m. (2 views)

WordPress plugin Work The Flow File Upload code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPres...

9.8 CVSS, 7.7 AI score, 0.79253 EPSS
Exploits 1, References 10
OSV
added 2025/07/18 5:15 p.m. (1 view)

AZL-65606 CVE-2025-7783 affecting package js-jquery 3.5.0-4

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...

9.4 CVSS, 6.7 AI score, 0.01319 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/07/12 7:24 p.m. (5 views)

CVE-2025-34100

An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upload operations, allowing an attacker to...

9.3 CVSS, 8.5 AI score, 0.7935 EPSS
Exploits 1, References 1
IBM Security Bulletins
added 2025/07/11 11:19 a.m. (10 views)

Security Bulletin: Vulnerabilities exists in IBM Netezza Analytics - NPS

Summary Vulnerabilities exist in IBM Netezza Analytics - NPS are addressed in 11.2.29 Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by improper system resource allocation. By sending a specially crafted request using an overly large...

10 CVSS, 8.8 AI score, 0.8995 EPSS
Exploits 31, Affected Software 1
OSSF Malicious Packages
added 2025/07/10 10:24 p.m. (3 views)

Malicious code in jquery-zoomer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acbf4e3c76ef6d0551f9bcc3420755fcabf7d985871c714a3ea7cfdcb43a6d94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
OSV
added 2025/07/10 10:24 p.m. (1 view)

MAL-2025-5785 Malicious code in jquery-zoomer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acbf4e3c76ef6d0551f9bcc3420755fcabf7d985871c714a3ea7cfdcb43a6d94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0, References 1
NVD
added 2025/07/10 8:15 p.m. (2 views)

CVE-2025-34100

An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upload operations, allowing an attacker to...

9.3 CVSS, 0.7935 EPSS
Exploits 1, References 4
Cvelist
added 2025/07/10 7:16 p.m. (7 views)

CVE-2025-34100 BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload

An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upload operations, allowing an attacker to...

9.3 CVSS, 0.7935 EPSS
Exploits 1, References 4
CVE
added 2025/07/10 7:16 p.m. (21 views)

CVE-2025-34100

BuilderEngine 3.5.0 is vulnerable due to the integration of elFinder 2.0 and the jQuery File Upload plugin, which fails to validate file types/locations during uploads. This unauthenticated flow allows uploading a malicious PHP file and executing code on the server, producing full remote code exe...

9.3 CVSS, 8.1 AI score, 0.7935 EPSS
Exploits 1, References 4
OpenVAS
added 2025/07/10 12:0 a.m. (2 views)

Ubuntu: Security Advisory (USN-7622-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9 CVSS, 9 AI score, 0.3466 EPSS
Exploits 19, References 4
Positive Technologies
added 2025/07/10 12:0 a.m. (1 view)

PT-2025-29142 · Unknown +1 · Jquery File Upload +2

Name of the Vulnerable Software and Affected Versions: BuilderEngine version 3.5.0 Description: An unrestricted file upload issue exists due to the integration of elFinder 2.0 and the jQuery File Upload plugin. The plugin does not properly validate or restrict file types or locations during uploa...

9.3 CVSS, 7.5 AI score, 0.7935 EPSS
Exploits 1, References 8
Tenable Nessus
added 2025/07/09 12:0 a.m. (6 views)

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103032)

The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103032 advisory. - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from...

9.8 CVSS, 7.3 AI score, 0.3466 EPSS
Exploits 8, References 17
Tenable Nessus
added 2025/07/09 12:0 a.m. (3 views)

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : jQuery vulnerabilities (USN-7622-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7622-1 advisory. It was discovered that jQuery did not correctly handle HTML tags. An attacker could possibly use this issue to execute a cross-si...

6.9 CVSS, 6.9 AI score, 0.3466 EPSS
Exploits 19, References 5