3385 matches found
http-api-problem (>=0.50.0 <=0.50.2) potentially affected by CVE-2026-22257 via salvo (>=0.10.4 <=0.11.6)
salvo CARGO version =0.10.4, =0.50.0, =0.50.2 Source cves: CVE-2026-22257 Source advisory: OSV:GHSA-54M3-5FXR-2F3J...
CVE-2024-30547
CVE-2024-30547 is a DOM-based Cross-Site Scripting vulnerability in the WordPress plugin “Header Image Slider” where improper neutralization of input during web page generation allows DOM-based XSS. Affected: Header Image Slider versions up to 0.3. Root cause determined in connected sources as im...
CVE-2024-30461
CVE-2024-30461 affects Tumult Hype Animations (WordPress plugin) up to version 1.9.11. The issue is a DOM-based XSS caused by improper input neutralization during web page generation, enabling script execution in the context of a user’s browser. Public sources consistently describe this as a Cro...
CVE-2024-23511
CVE-2024-23511 describes a DOM-based XSS in POSIMYTH The Plus Addons for Elementor Page Builder Lite. Affected product: The Plus Addons for Elementor Page Builder Lite (WordPress plugin) with versions up to and including 5.3.3. Root cause: improper input handling during web page generation leadin...
CVE-2023-52212
CVE-2023-52212 describes a Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager, affecting versions up to 2.0.0. The connected sources identify WP Job Manager as the affected product, with the root cause being CSRF in the plugin’s handling of requests, enabling CSRF under ...
CVE-2023-50897
CVE-2023-50897 concerns the WordPress plugin Media File Renamer. The vulnerability is described as an Unrestricted Upload of File with Dangerous Type that enables an attacker to perform an arbitrary file rename, which can lead to a Remote Code Execution (RC...
CVE-2023-49186
CVE-2023-49186 affects the WordPress plugin Machic Core (
tcpdump 4.99.6
tcpdump allows you to dump the traffic on a network. It can be used to print out the headers and/or contents of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect many attacks, or to monitor the network activities...
CVE-2023-41656
CVE-2023-41656 is a broken access control vulnerability in the WordPress plugin Better Elementor Addons up to version 1.3.7, allowing exploitation of incorrectly configured access control security levels. The issue is categorized as Missing Authorization with a CVSSv3.1 base score of 5.4 (Medium)...
CVE-2023-52210
CVE-2023-52210 concerns the WordPress plugin “Product Delivery Date for WooCommerce – Lite” (Tyche) with versions up to 2.7.0. Connected patchstack data indicates the root cause is broken access control that allows unauthenticated access, potentially impacting availability or operation. A fix is ...
CVE-2023-47232
Affected software: WordPress plugin WP Affiliate Disclosure (wp-affiliate-disclosure). Vulnerability type & root cause: Broken access control exposing limited operations to subscribers due to CSRF-like issues in check_capability, as reported for versions up to 1.2.6. Impact: Unauthorized changes ...
UBUNTU-CVE-2025-68290
In the Linux kernel, the following vulnerability has been resolved: most: usb: fix double free on late probe failure The MOST subsystem has a non-standard registration function which frees the interface on registration failures and on deregistration. This unsurprisingly leads to bugs in the MOST...
@asyncapi-actions-test/trusted-publishing-test_asyncapi-cli (>=4.1.3 <=5.4.0), @asyncapi/cli (>=3.3.0 <=6.0.0) +3 more potentially affected by unknown CVE via @asyncapi/problem (=1.0.0)
@asyncapi/problem NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/problem and may be impacted: - @asyncapi-actions-test/trusted-publishing-testasyncapi-cli =4.1.3, =3.3.0, =0.16.0, =1.4.14, =1.4.48 -...
MAL-2025-190664 Malicious code in @asyncapi/problem (npm)
Source: amazon-inspector 257141d8551fbc781c4df287d30e9a7e795f6759382d0ca3c20f7c46411614ec The package @asyncapi/problem was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198676
Malicious code in @asyncapi/problem npm...
Average Hardness of SIVP for Module Lattices of Fixed Rank
The problem of finding short vectors in Euclidean lattices is a central hard problem in complexity theory. The case of module lattices, i.e., lattices which are also modules over a number ring, is of particular interest for cryptography and computational number theory. The hardness of finding short...
Malicious code in cute_otter_replicate_automation (npm)
Source: amazon-inspector ffed006fc8d54b05ca808d3b1a4c5ef864abd054647768b4df4a16cabcb81afb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-10348
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...
CVE-2025-10348
CVE-2025-10348 affects URVE Smart Office. The issue is a stored XSS in the report problem functionality: an attacker with low privileges can upload an SVG containing a payload, which executes when a victim visits the uploaded resource’s URL. The resource is publicly accessible without authenticat...