116 matches found
CVE-2026-8895
The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on the shortcode's 'href' and 'type' attributes, which are...
CVE-2026-8895
The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on the shortcode's 'href' and 'type' attributes, which are...
CVE-2026-8895 kk blog card <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on the shortcode's 'href' and 'type' attributes, which are...
CVE-2026-8895 kk blog card <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input sanitization and output escaping on the shortcode's 'href' and 'type' attributes, which are...
CVE-2026-8895
CVE-2026-8895 affects the WordPress plugin kk blog card up to version 1.3. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) in the plugin’s blog-card shortcode, caused by insufficient sanitization and output escaping of the shortcode’s href and type attributes. These values are con...
PT-2026-47677
Name of the Vulnerable Software and Affected Versions kk blog card versions prior to 1.4 Description The kk blog card plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the plugin fails to properly sanitize input and escape output for the href and type attribut...
WordPress kk blog card plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin kk blog card versions = 1.3...
CVE-2026-27653
The installers for multiple products provided by Soliton Systems K.K. contain an issue with incorrect default permissions, which may allow arbitrary code to be executed with SYSTEM privileges...
The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’
Myanmar’s military has been blowing up parts of the KK Park scam compound. Experts say the actions are likely for show...
EUVD-2020-23112
Malware in sbrugna...
EUVD-2016-2036
Malware in sbrugna...
EUVD-2016-5533
Malware in sbrugna...
EUVD-2016-5044
Malware in sbrugna...
EUVD-2025-18323
Malicious code in bioql PyPI...
EUVD-2023-50841
Malicious code in bioql PyPI...
EUVD-2023-54494
Malicious code in bioql PyPI...
EUVD-2025-8605
Malicious code in bioql PyPI...
EUVD-2023-40477
Malicious code in bioql PyPI...
Malicious code in kk-proxy (npm)
The package kk-proxy was found to contain malicious code...
MAL-2025-24683 Malicious code in kk-proxy (npm)
The package kk-proxy was found to contain malicious code...