CVE-2026-42877
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/AjaxForms/SalesModalHTML.php) and purchases documents (Core/Lib/AjaxForms/PurchasesModalHTML.php). An...
CVE-2026-42877
CVE-2026-42877 describes a stored XSS in FacturaScripts where the product variant field referencia is injected into an onclick attribute in SalesModalHTML.php and PurchasesModalHTML.php without proper escaping. The vulnerability allows an authenticated user with warehouse access to create a malic...
CVE-2026-42877 FacturaScripts: Stored XSS via product reference in sales/purchases
FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/AjaxForms/SalesModalHTML.php) and purchases documents (Core/Lib/AjaxForms/PurchasesModalHTML.php). An...
GHSA-R736-2678-FCRX FacturaScripts vulnerable to stored XSS via product reference in sales/purchases
Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other use...
FacturaScripts vulnerable to stored XSS via product reference in sales/purchases
Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with access to the warehouse module can create a product with a malicious reference that executes arbitrary JavaScript in the browser of any other use...
UltimatePOS 4.8 Cross Site Scripting
The administrative panel in UltimatePOS version 4.8 suffers from a persistent cross site scripting vulnerability. CVE-2025-60503 — Stored Cross-Site Scripting (XSS) in UltimatePOS UltimateFosters v4.8. Publication date: 2025-10-30. CVE ID: CVE-2025-60503 (RESERVED). Researcher: Vivien Lebas. Vendor:...
CVE-2026-2892
The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Bypass in all versions up to, and including, 3.1.4. This is due to the 'getcustomerdata' method relying on an unsigned 'ostripedata' cookie to determine Stripe product ownership for unauthenticated users. The...
OneUptime security vulnerability
OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.42 contained security vulnerabilities. These vulnerabilities stemmed from multiple notification API endpoints not registering...
PT-2026-29316
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, a user may be able to purchase a lower tier subscription but grant themselves the benefits that come along with a higher...
US Lawmakers Move to Kill the FBI’s Warrantless Wiretap Access
A bipartisan bill would force the FBI to get a warrant to read Americans’ messages and ban the federal purchase of commercial data on US residents ahead of a critical April deadline...
EUVD-2025-38432
Malicious code in bf-purchases-frontend-web (npm)...
Malicious code in bf-purchases-frontend-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5dd380729ba06ecc83dd6bb54612311d4c2b15fc0b2eed47205416bf280f879 The package bf-purchases-frontend-web was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-49398 Malicious code in bf-purchases-frontend-web (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d5dd380729ba06ecc83dd6bb54612311d4c2b15fc0b2eed47205416bf280f879 The package bf-purchases-frontend-web was found to contain malicious code. Source: ossf-package-analysis...
EUVD-2025-37322
The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to the plugin not disabling the ability to name a custom price when it has been specifically disabled for a product. This makes it...
Malicious Package
Overview: purchases-roku is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-48754 Malicious code in purchases-roku (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c429e2a2e9aa0a6cda588f67e61e21c1830f469ed3a4b29f17845326869ba2be Any computer that has this package installed or running should be considered...
Malicious code in purchases-roku (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c429e2a2e9aa0a6cda588f67e61e21c1830f469ed3a4b29f17845326869ba2be Any computer that has this package installed or running should be considered...
EUVD-2018-5811
Malware in sbrugna...
EUVD-2024-35395
Malicious code in bioql (PyPI)...