52 matches found
MAL-2026-4471 Malicious code in @zesyn/zeditor (npm)
Source: amazon-inspector 7c8e293ad2413e2e04b9ce3411d1650381143b104c40bbcb4a17c1140c9ef912. The package advertises itself as a browser rich-text editor, but on every new Zeditor... instantiation it waits 2 seconds and then POSTs end-user...
PT-2026-37351
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking form page url' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it...
CVE-2026-27166
Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions...
CVE-2025-13604
The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
CVE-2025-13604 Login Security, FireWall, Malware removal by CleanTalk <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL
The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...
EUVD-2018-7704
Malware in sbrugna...
EUVD-2001-1286
Malware in sbrugna...
EUVD-2024-2742
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-11646
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in...
CVE-2024-47050
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable...
CVE-2024-53556
An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websites via appending a crafted link to /login?next= in the login page URL...
CVE-2024-53556
Taiga Open Redirect (CVE-2024-53556) affects Taiga v6.8.1. The vulnerability arises from accepting a crafted login URL with a modified /login?next= parameter, allowing an attacker to redirect users to arbitrary external sites. Impact is primarily user redirection; no code execution is described i...
Cross-site Scripting (XSS)
mautic/core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the Page URL variable not being properly sanitized, allowing malicious scripts to be executed...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the Page URL variable. An attacker can manipulate web content or hijack user sessions by injecting malicious scripts into the URL parameter. Details: Cross-site scripting or XSS is a code vulnerability th...
CVE-2024-47050
Affected software: Mautic (core/lib). The vulnerability is Cross-Site Scripting (XSS) in the Page URL variable used by Mautic’s tracking. Root cause: inadequate sanitization/escaping of the Page URL parameter allows attacker-controlled scripts. Impact: potential execution of malicious scripts in ...
PT-2024-32375 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 4.4.13; Mautic versions prior to 5.1.1. Description: The issue concerns Cross-Site Scripting through the Page URL variable in Mautic's tracking. This allows for potential exploitation. Recommendations: For versions prio...
PT-2024-5954 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.20 and earlier. Description: The issue is related to insufficient protection of the web page structure in Adobe Experience Manager, which can allow a remote attacker to conduct cross-site scripting attacks...
CVE-2024-27592
Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL...