WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting

WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

CVE-2026-0068

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

Malicious code in @mastra/docker (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd2417620dd4f98c496cdb956e0e2cf1b55f25dcc57ad7a360f072acfa88ba9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/cursor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac742321cf72f2fa4cb958772f032eeb2a3ac062d31237ef0699b9de6ac0bc41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-6013 Malicious code in @mastra/cursor (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ac742321cf72f2fa4cb958772f032eeb2a3ac062d31237ef0699b9de6ac0bc41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-6010 Malicious code in @mastra/convex (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acae13d27edf4e66aa693ee00ce3df3eb508a09c9bf7a9b934a9d3804653f3ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/auth-auth0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0fbe96c59a0cfac17ddbee22541fc2ba13a1ef82c91d75bc4b202c66aec4e4d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5999 Malicious code in @mastra/auth-auth0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0fbe96c59a0cfac17ddbee22541fc2ba13a1ef82c91d75bc4b202c66aec4e4d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/memory (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92f78b0ff07c91489b166d3ba2d6d7405f35c26a8ba156d4f920d5595c3d0f67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eb94d4509745d002f2de634d4e8b797f831d24b13fa6dae2f41d67ce6441eba9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/client-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22551bc03157cad1fefb8af44f3b14c9fe9e892c083eb904e512007015e72f9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-6007 Malicious code in @mastra/client-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 22551bc03157cad1fefb8af44f3b14c9fe9e892c083eb904e512007015e72f9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-6028 Malicious code in @mastra/memory (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92f78b0ff07c91489b166d3ba2d6d7405f35c26a8ba156d4f920d5595c3d0f67 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in create-mastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12df16ee90f6c59f31e4b0b71f2dbf3a0b046e17ecae5e13399b69fec9f3c563 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-6050 Malicious code in create-mastra (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12df16ee90f6c59f31e4b0b71f2dbf3a0b046e17ecae5e13399b69fec9f3c563 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-6015 Malicious code in @mastra/deployer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbd99dea462f2f28099ae0f57cd6c89edd76f08476cd9a6265b1c23defcd2b23 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/rag (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9608d74e59d524d1052f6b05c8fba2b9d181452f28a012785eb80cb6764abe3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/mongodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49f8ee83c01b471839bea21d7231e347b261071539611998f952f050cded4cbb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-5957 Malicious code in @mastra/mongodb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49f8ee83c01b471839bea21d7231e347b261071539611998f952f050cded4cbb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @mastra/fastembed (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c0da5948a94944695bcec24b99ac8a6b9ae7f5f31e8407f8c731379a6fda79c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...