Unauthenticated Network Exposure

marimo is vulnerable to unauthenticated network exposure. The vulnerability is due to the /mpl// endpoint being accessible without authentication, which allows an attacker to reach internal services and arbitrary ports...

EUVD-2025-12322

Malicious code in bioql PyPI...

GHSA-XJV7-6W92-42R7 marimo vulnerable to proxy abuse of /mpl/{port}/

Summary The /mpl// endpoint, which is accessible without authentication on default Marimo installations allows for external attackers to reach internal services and arbitrary ports. Details From our understanding, this route is used internally to provide access to interactive matplotlib...

MAL-2025-12412 Malicious code in @zalastax/nolb-mpl (npm)

The package @zalastax/nolb-mpl was found to contain malicious code...

Malicious code in @zalastax/nolb-mpl (npm)

The package @zalastax/nolb-mpl was found to contain malicious code...

CVE-2025-46226

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ferranfg MPL-Publisher mpl-publisher allows Stored XSS.This issue affects MPL-Publisher: from n/a through = 2.18.0...

WordPress MPL-Publisher plugin <= 2.18.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by muhammad yudha in WordPress Plugin MPL-Publisher versions = 2.18.0...

CVE-2025-46226

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0...

CVE-2025-46226

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ferranfg MPL-Publisher mpl-publisher allows Stored XSS.This issue affects MPL-Publisher: from n/a through = 2.18.0...

CVE-2025-46226

CVE-2025-46226: Stored XSS in MPL-Publisher

CVE-2025-46226 WordPress MPL-Publisher plugin <= 2.18.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ferranfg MPL-Publisher mpl-publisher allows Stored XSS.This issue affects MPL-Publisher: from n/a through = 2.18.0...

CVE-2025-46226 WordPress MPL-Publisher <= 2.18.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ferranfg MPL-Publisher allows Stored XSS. This issue affects MPL-Publisher: from n/a through 2.18.0...

PT-2025-17493 · Ferranfg · Mpl-Publisher

Name of the Vulnerable Software and Affected Versions: ferranfg MPL-Publisher versions n/a through 2.18.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...

WordPress plugin MPL-Publisher 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

Malicious code in mpl-token-metadata (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e20c7d93bbedc5a446405747356b754aec260f1716a86efbef222f15a52385e Any computer that has this package installed or running should be considered...

MAL-2025-710 Malicious code in mpl-token-metadata (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e20c7d93bbedc5a446405747356b754aec260f1716a86efbef222f15a52385e Any computer that has this package installed or running should be considered...

Malicious code in old-mpl-token-metadata (npm)

This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6603cd004d4fbdaf7a066de7f7057ad66c4108e0bd8d961201d12f326fc1d7bf Any computer that has this package install...

mpl-immobilier.com Cross Site Scripting vulnerability OBB-3403970

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

blockbuster (=0.0.2) potentially affected by unknown CVE via mpl-bubblegum (=0.1.1)

mpl-bubblegum CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on mpl-bubblegum and may be impacted: - blockbuster =0.0.2 Source cves: unknown CVE Source advisory: OSV:GHSA-8R76-FR72-J32W...

gemachain-bpf-loader-program (=1.8.0), hpl-reward-center (>=0.1.0 <=0.2.4) +57 more potentially affected by CVE-2022-31264 via solana_rbpf (>=0.1.10 <=0.2.24)

solanarbpf CARGO version =0.1.10, =0.1.0, =1.1.6, =0.2.1, =0.1.0, =0.1.0, =1.2.3, =0.1.1, =0.1.7 and more Source cves: CVE-2022-31264 Source advisory: OSV:GHSA-FFX3-8QVM-PQ3J...