CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

CVE-2026-5222

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the...

CVE-2025-14145

The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter of the nhrow shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possib...

CVE-2025-14145

The CVE-2025-14145 affecting Niche Hero plugin for WordPress is a Stored XSS in the nh_row shortcode (spacing parameter). Affected versions up to 1.0.5; exploitation requires Contributor+ authentication. Patch released with version 1.0.5 (remediation: escape/sanitize input and proper output escap...

PT-2026-1632

Name of the Vulnerable Software and Affected Versions The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress versions through 1.0.5 Description The plugin is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows...

WordPress plugin Niche Hero 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Niche Hero | Beautifully-designed blocks in seconds plugin <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'spacing' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'spacing' Shortcode Attribute vulnerability discovered by zakaria in WordPress Plugin Niche Hero versions = 1.0.5...

[SECURITY] Fedora 43 Update: python-pydantic-extra-types-2.10.6-2.fc43

A place for pydantic types that probably shouldn't exist in the main pydantic library...

EUVD-2008-2526

Malware in sbrugna...

EUVD-2025-26025

Malicious code in bioql PyPI...

CVE-2025-48353

Cross-Site Request Forgery CSRF vulnerability in dactum Clickbank WordPress Plugin Niche Storefront clickbank-niche-storefronts allows Stored XSS.This issue affects Clickbank WordPress Plugin Niche Storefront: from n/a through = 1.3.5...

CVE-2025-48353

Cross-Site Request Forgery CSRF vulnerability in dactum Clickbank WordPress Plugin Niche Storefront clickbank-niche-storefronts allows Stored XSS.This issue affects Clickbank WordPress Plugin Niche Storefront: from n/a through = 1.3.5...

CVE-2025-48353 WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in dactum Clickbank WordPress Plugin Niche Storefront allows Stored XSS. This issue affects Clickbank WordPress Plugin Niche Storefront: from n/a through 1.3.5...

CVE-2025-48353

CVE-2025-48353 : A CSRF to Stored XSS vulnerability exists in the dactum Clickbank WordPress Plugin (Niche Storefront). Affected component: Clickbank WordPress Plugin (Niche Storefront) versions up to and including 1.3.5. Root cause: CSRF enables stored XSS in the plugin; exploitation details are...

CVE-2025-48353 WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in dactum Clickbank WordPress Plugin Niche Storefront clickbank-niche-storefronts allows Stored XSS.This issue affects Clickbank WordPress Plugin Niche Storefront: from n/a through = 1.3.5...

WordPress plugin Clickbank WordPress Plugin (Niche Storefront) 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

PT-2025-35022

Name of the Vulnerable Software and Affected Versions: dactum Clickbank WordPress Plugin Niche Storefront versions through 1.3.5 Description: A Cross-Site Request Forgery CSRF vulnerability exists in dactum Clickbank WordPress Plugin Niche Storefront, which also allows Stored Cross-Site Scripting...

WordPress Clickbank WordPress Plugin (Niche Storefront) plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross Site Request Forgery CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin Clickbank WordPress Plugin Niche Storefront versions = 1.3.5...

MetaFox 5.1.8 Shell Upload

!/usr/bin/env python3 Exploit Title: MetaFox Remote Shell Upload Google Dork: "Social network for niche communities" Exploit Author: The Joker Vendor Homepage: https://www.phpfox.com Version: = 5.1.8import jsonimport requestsimport sysif lensys.argv != 4: sys.exit"Usage: %s " % sys.argv0...

SUSE CVE-2020-25926

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...