MAL-2025-11000 Malicious code in @zalastax/nolb-consu (npm)

The package @zalastax/nolb-consu was found to contain malicious code...

MAL-2025-33576 Malicious code in soap-repository (npm)

The package soap-repository was found to contain malicious code...

MAL-2025-31443 Malicious code in quokka-quebec-9d0l (npm)

The package quokka-quebec-9d0l was found to contain malicious code...

MAL-2025-16054 Malicious code in bpi39 (npm)

The package bpi39 was found to contain malicious code...

MAL-2025-29403 Malicious code in pleyus (npm)

The package pleyus was found to contain malicious code...

MAL-2025-30103 Malicious code in project-dskxm-mike (npm)

The package project-dskxm-mike was found to contain malicious code...

OPENSUSE-SU-2025:15387-1 libmozjs-128-0-128.13.0-1.1 on GA media

These are all security issues fixed in the libmozjs-128-0-128.13.0-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2025-30061

Name of the Vulnerable Software and Affected Versions form-data versions 2.5.4 form-data versions 3.0.0 through 3.0.3 form-data versions 4.0.0 through 4.0.3 Description A vulnerability exists in the form-data JavaScript library due to the use of insufficiently random values when generating bounda...

CVE-2025-53569

Cross-Site Request Forgery CSRF vulnerability in Trust Payments Trust Payments Gateway for WooCommerce JavaScript Library trust-payments-gateway-3ds2 allows Cross Site Request Forgery.This issue affects Trust Payments Gateway for WooCommerce JavaScript Library: from n/a through = 1.3.6...

CVE-2025-2537

Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library version 3.1 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-53569

Cross-Site Request Forgery CSRF vulnerability in Trust Payments Trust Payments Gateway for WooCommerce JavaScript Library trust-payments-gateway-3ds2 allows Cross Site Request Forgery.This issue affects Trust Payments Gateway for WooCommerce JavaScript Library: from n/a through = 1.3.6...

CVE-2025-53569

CVE-2025-53569 covers a CSRF vulnerability in the Trust Payments Gateway for WooCommerce (JavaScript Library). The issue affects the plugin’s JavaScript library up to and including version 1.3.6. The connected sources consistently describe CSRF as the flaw, with no explicit exploit details provid...

CVE-2025-53569 WordPress Trust Payments Gateway for WooCommerce (JavaScript Library) plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Trust Payments Trust Payments Gateway for WooCommerce JavaScript Library trust-payments-gateway-3ds2 allows Cross Site Request Forgery.This issue affects Trust Payments Gateway for WooCommerce JavaScript Library: from n/a through = 1.3.6...

CVE-2025-53569 WordPress Trust Payments Gateway for WooCommerce (JavaScript Library) plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Trust Payments Trust Payments Gateway for WooCommerce JavaScript Library trust-payments-gateway-3ds2 allows Cross Site Request Forgery.This issue affects Trust Payments Gateway for WooCommerce JavaScript Library: from n/a through = 1.3.6...

WordPress plugin Trust Payments Gateway for WooCommerce (JavaScript Library) 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

Magnific Popups JavaScript Library < 1.2.0 - Contributor+ Stored XSS

Description Multiple plugins are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

GHSA-994J-5C83-R424 string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)

string-math v1.2.2 was discovered to contain a Regex Denial of Service ReDoS which is exploited via a crafted input...

CVE-2025-45526

A denial of service DoS vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content it processes in HTML elements with the microlight class. When excessively large content e.g., 100...

Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat

Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat By Trellix · June 18, 2025 This blog was also written by Trishaan Kalra Introduction What happens when a trusted open source library becomes a conduit for stealthy malware delivery? That question became reality when the...

GHSA-WGC6-9F6W-H8HX Withdrawn Advisory: microlight allows a denial of service

Withdrawn Advisory This advisory has been withdrawn because the proof of concept does not demonstrate a practical security impact. This link is maintained to preserve external references. Original Description A denial of service DoS vulnerability has been identified in the JavaScript library...