82 matches found
CVE-2026-5075 All in One SEO <= 4.9.7 - Authenticated (Contributor+) Sensitive Information Exposure via 'internalOptions' Localized Script Data
The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp_localize_script() in post editor contexts without effective masking for...
CVE-2026-5075
The CVE-2026-5075 affects the WordPress plugin All in One SEO Pack (All in One SEO) up to version 4.9.7. The vulnerability is a Sensitive Information Exposure due to internalOptions data being passed to wp_localize_script() in post editor contexts without effective masking. This allows authentica...
EUVD-2026-31059
The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp_localize_script() in post editor contexts without effective masking for...
CVE-2026-5075
The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp_localize_script() in post editor contexts without effective masking for...
CVE-2026-39935 XSS-via-i18n in localised wiki names
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation MediaWiki - CampaignEvents Extension allows Cross-Site Scripting (XSS). This issue was remediated only on the master branch...
CVE-2026-39935
The CVE-2026-39935 entry describes a Cross-Site Scripting (XSS) vulnerability in The Wikimedia Foundation MediaWiki CampaignEvents Extension. Affected versions are 1.43.7, 1.44.4, and 1.45.2, where improper input neutralization during web page generation allows XSS. The issue is tied to the Campa...
Cross-site Scripting (XSS)
Overview @pdfme/schemas is a TypeScript-based PDF generator and React-based UI. Open source, developed by the community, and completely free to use under the MIT license! Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the multiVariableText property panel when...
CVE-2026-21679
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow in CIccLocalizedUnicode::GetText. This issue has been patched in version 2.3.1.2...
CVE-2026-21679 iccDEV has heap-buffer-overflow vulnerability in CIccLocalizedUnicode::GetText()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow in CIccLocalizedUnicode::GetText. This issue has been patched in version 2.3.1.2...
EUVD-2020-27362
Malware in sbrugna...
EUVD-2009-0919
Malware in sbrugna...
EUVD-2022-4845
Malicious code in bioql PyPI...
Unmasking Synthetic Realities in Generative AI: a Comprehensive Review of Adversarially Robust Deepfake Detection Systems
The rapid advancement of Generative Artificial Intelligence has fueled deepfake proliferation - synthetic media encompassing fully generated content and subtly edited authentic material - posing challenges to digital security, misinformation mitigation, and identity preservation. This systematic revi...
SuperPure: Efficient Purification of Localized and Distributed Adversarial Patches Via Super-Resolution GAN Models
As vision-based machine learning models are increasingly integrated into autonomous and cyber-physical systems, concerns about physical adversarial patch attacks are growing. While state-of-the-art defenses can achieve certified robustness with minimal impact on utility against highly-concentrate...
FABLE: a Localized, Targeted Adversarial Attack on Weather Forecasting Models
Deep learning-based weather forecasting models have recently demonstrated significant performance improvements over gold-standard physics-based simulation tools. However, these models are vulnerable to adversarial attacks, which raises concerns about their trustworthiness. In this paper, we first...
Malicious code in next.js-localized (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c257230b6aa3eee8eb41aece41156d6db7125e6a3973b74006f0b4b4630d28ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3769 Malicious code in next.js-localized (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c257230b6aa3eee8eb41aece41156d6db7125e6a3973b74006f0b4b4630d28ab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading
Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. "The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients int...
CLSA-2025-1741215546 cups: Fix of CVE-2024-47175
CVE-2024-47175: fixed multiple PPD vulnerabilities by validating inputs, sanitizing strings, quoting localized data, and addressing warnings in cups/ppd-cache.c and scheduler/ipp.c...