1833 matches found
CVE-2026-24528
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...
CVE-2026-24528
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...
CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...
CVE-2026-24528
CVE-2026-24528 refers to a Cross-Site Scripting (DOM-Based XSS) vulnerability in Pixelgrade Nova Blocks (nova-blocks) affecting versions up to and including 2.1.9. Technical details across sources confirm an improper input handling/neutralization during web page generation that enables DOM-based ...
CVE-2026-24528
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...
CVE-2026-24528 WordPress Nova Blocks plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pixelgrade Nova Blocks nova-blocks allows DOM-Based XSS.This issue affects Nova Blocks: from n/a through = 2.1.9...
WordPress plugin Nova Blocks has a cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-4377
Name of the Vulnerable Software and Affected Versions pixelgrade Nova Blocks versions through 2.1.9 Description The software contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site Scripting XSS condition. This allows for potential maliciou...
PT-2026-20315
Name of the Vulnerable Software and Affected Versions OpenStack Nova affected versions not specified Description The software calls qemu-img without format restrictions when resizing images. A malicious QCOW header could potentially convince Nova's flat image backend to execute an unsafe image...
CVE-2025-15371 Tenda i24 Shadow File hard-coded credentials
A vulnerability has been found in Tenda i24, 4G03 Pro, 4G05, 4G08, G0-8G-PoE, Nova MW5G and TEG5328F up to 65.10.15.6. Affected is an unknown function of the component Shadow File. Such manipulation with the input Fireitup leads to hard-coded credentials. An attack has to be approached locally. T...
Tenda多款产品 信任管理问题漏洞
Tenda i24 and others are products of Tenda, a Chinese company. tenda i24 is a wireless router. tenda 4G03 is a wireless router tenda 4G05 is a wireless router. A trust management issue vulnerability exists in various Tenda products.The vulnerability stems from incorrect operation of the Shadow Fi...
Penetration Testing of Agentic AI: A Comparative Security Analysis across Models and Frameworks
Agentic AI introduces security vulnerabilities that traditional LLM safeguards fail to address. Although recent work by Unit 42 at Palo Alto Networks demonstrated that ChatGPT-4o successfully executes attacks as an agent that it refuses in chat mode, there is no comparative analysis in multiple...
nova-act (>=2.3.18.0 <=3.1.18.0) potentially affected by unknown CVE via strands-agents (=1.14.0)
strands-agents PYPI version =1.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on strands-agents and may be impacted: - nova-act =2.3.18.0, =3.1.18.0 Source cves: unknown CVE Source advisory: SNYK:PYTHON-STRANDSAGENTS-14157238...
Malicious code in nova-angular-project (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c1edbc661355ab22d5857395431ed8c7eb4bd73b77e1080a8cdb5ad1c386a8e The package nova-angular-project was found to contain malicious code...
MAL-2025-191521 Malicious code in nova-angular-project (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6c1edbc661355ab22d5857395431ed8c7eb4bd73b77e1080a8cdb5ad1c386a8e The package nova-angular-project was found to contain malicious code...
EUVD-2025-200048
Malicious code in nova-angular-project npm...
TencentOS Server 4: openstack-glance (TSSA-2025:0076)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0076 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2025-175459
Malicious code in yakutsk-luna-nova-triton npm...
Malicious code in yakutsk-luna-nova-triton (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1247a887e7b5c2f9fd964d4f486657e8b0b2f0cb3db19d32b6971e95515ac6f0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178551
Malicious code in helmet-terser-isostasy-nova npm...