66 matches found
CLSA-2026-1779436377 cups: Fix of CVE-2026-27447
CVE-2026-27447: fix authorization bypass in cupsd by replacing case-insensitive username comparisons with byte-exact strcmp against pw->pw_name; also include upstream follow-up commit 849fba7d "Fix unauthenticated print policies", Issue 1557 to restore behavior for CUPSD_AUTH_NONE policies with named...
EUVD-2026-14415
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores administrative authentication material in the ecospw cookie using a reversible Base64-encoded format with a static suffix. An attacker who obtains or derives this cookie value can forge a valid administrative session and gain...
EUVD-2025-13844
Malicious code in bioql PyPI...
Malicious code in @zalastax/nolb-pw (npm)
The package @zalastax/nolb-pw was found to contain malicious code...
Malicious code in @zalastax/nolb-react-pw (npm)
The package @zalastax/nolb-react-pw was found to contain malicious code...
MAL-2025-13402 Malicious code in @zalastax/nolb-pw (npm)
The package @zalastax/nolb-pw was found to contain malicious code...
MAL-2025-13728 Malicious code in @zalastax/nolb-react-pw (npm)
The package @zalastax/nolb-react-pw was found to contain malicious code...
CVE-2025-49888
Missing Authorization vulnerability in pimwick PW WooCommerce On Sale! pw-woocommerce-on-sale allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PW WooCommerce On Sale!: from n/a through <= 1.39...
CVE-2024-10621
The Simple Shortcode for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pwmap shortcode in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-47473
Cross-Site Request Forgery (CSRF) vulnerability in pimwick PW WooCommerce Bulk Edit pw-bulk-edit allows Cross Site Request Forgery. This issue affects PW WooCommerce Bulk Edit: from n/a through <= 2.134...
CVE-2025-47473 WordPress PW WooCommerce Bulk Edit plugin <= 2.134 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in pimwick PW WooCommerce Bulk Edit pw-bulk-edit allows Cross Site Request Forgery. This issue affects PW WooCommerce Bulk Edit: from n/a through <= 2.134...
CVE-2025-47473
CVE-2025-47473 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin PW WooCommerce Bulk Edit (PW WooCommerce Bulk Edit). Affected versions are up to 2.134 (from n/a through 2.134). The CVSS base score is 5.4 (Medium), with attack vector Network, attack complexity Lo...
CVE-2025-47473 WordPress PW WooCommerce Bulk Edit <= 2.134 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in pimwick PW WooCommerce Bulk Edit allows Cross Site Request Forgery. This issue affects PW WooCommerce Bulk Edit: from n/a through 2.134...
WordPress PW WooCommerce Bulk Edit plugin <= 2.134 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by domiee13 in WordPress Plugin PW WooCommerce Bulk Edit versions <= 2.134...
WordPress plugin PW WooCommerce Bulk Edit cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Malicious code in web-pw-sample-app (npm)
Source: ghsa-malware d6a6e13078b7457900b4b0b41c62e43e878b548e8fd51baf5f2e2d9c567e90a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-48694
File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component...