@bicou/countries-server (>=1.6.0 <=1.6.7), @gabortorma/feathers-nitro-adapter (>=0.5.0 <=0.6.0) +10 more potentially affected by CVE-2026-44372 via nitropack (>=2.10.4 <=2.13.1)

nitropack NPM version =2.10.4, =1.6.0, =0.5.0, =0.6.1, =1.0.0, =4.0.0, =4.0.0-29145487.7beaa672, =2.0.0-beta.131, =1.0.2, =4.0.0, =0.1.0, =4.0.0-29145487.7beaa672, =4.0.1-29212698.365e81c1 Source cves: CVE-2026-44372 Source advisory: SNYK:JS-NITROPACK-16757946...

@analogjs/platform (>=0.1.0-beta.15 <=0.2.0-beta.13), @analogjs/vite-plugin-nitro (>=0.2.0-beta.2 <=0.2.0-beta.13) +55 more potentially affected by CVE-2026-44372 via nitropack (>=0.2.11 <=2.13.1)

nitropack NPM version =0.2.11, =0.1.0-beta.15, =0.2.0-beta.2, =1.6.0, =0.5.0, =0.6.1, =1.0.0, =5.0.0-rc.108, =5.0.0-rc.108, =1.0.0, =1.0.0, =0.13.0, =0.7.2, =0.7.3, =0.9.1, =0.13.1, =0.15.0 and more Source cves: CVE-2026-44372 Source advisory: OSV:GHSA-9PHM-9P8F-HW5M...

@bicou/countries-server (>=1.6.0 <=1.6.7), @gabortorma/feathers-nitro-adapter (>=0.5.0 <=0.6.0) +10 more potentially affected by CVE-2026-44373 via nitropack (>=2.10.4 <=2.13.1)

nitropack NPM version =2.10.4, =1.6.0, =0.5.0, =0.6.1, =1.0.0, =4.0.0, =4.0.0-29145487.7beaa672, =2.0.0-beta.131, =1.0.2, =4.0.0, =0.1.0, =4.0.0-29145487.7beaa672, =4.0.1-29212698.365e81c1 Source cves: CVE-2026-44373 Source advisory: SNYK:JS-NITROPACK-16757953...

@analogjs/platform (>=0.1.0-beta.15 <=0.2.0-beta.13), @analogjs/vite-plugin-nitro (>=0.2.0-beta.2 <=0.2.0-beta.13) +55 more potentially affected by CVE-2026-44373 via nitropack (>=0.2.11 <=2.13.1)

nitropack NPM version =0.2.11, =0.1.0-beta.15, =0.2.0-beta.2, =1.6.0, =0.5.0, =0.6.1, =1.0.0, =5.0.0-rc.108, =5.0.0-rc.108, =1.0.0, =1.0.0, =0.13.0, =0.7.2, =0.7.3, =0.9.1, =0.13.1, =0.15.0 and more Source cves: CVE-2026-44373 Source advisory: OSV:GHSA-5W89-W975-HF9Q...

EUVD-2024-34381

Malicious code in bioql PyPI...

CVE-2024-11851

CVE-2024-11851 affects the NitroPack WordPress plugin (versions ≤ 1.17.0). An authenticated attacker with subscriber+ privileges can update arbitrary transients due to a missing capability check in nitropack_rml_notification, with transients limited to integers. Connected sources (Patchstack/Red ...

CVE-2024-11851 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update

The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...

CVE-2024-11851 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update

The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropackrmlnotification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher...

WordPress plugin NitroPack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...