MAL-2025-192641 Malicious code in tailwind-color-shine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a354c1527256b0cbb0309429b90ad036ded6b2cc1b2d29b8f2809af26f718cf7 The package tailwind-color-shine was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-204512

Malicious code in tailwind-color-shine npm...

Malicious code in tailwind-color-shine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a354c1527256b0cbb0309429b90ad036ded6b2cc1b2d29b8f2809af26f718cf7 The package tailwind-color-shine was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview tailwind-color-shine is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVE-2025-64372

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through 3.2.6...

CVE-2025-36750

ShineLan-X contains a stored cross site scripting XSS vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious code...

CVE-2025-36752

CVE-2025-36752 affects Growatt ShineLan-X communication dongle. The vulnerability arises from an undocumented backup account with undocumented credentials, enabling high-privilege access and potentially full control of the device, including the Setting Center. Multiple sources corroborate a backd...

EUVD-2025-197747

Malicious code in react-native-animated-shine npm...

Malicious code in react-native-animated-shine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5050403e37c46819e95b4473ce0825d3dfe40bf8b41941ecd666e9b5048ffb14 The package react-native-animated-shine was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview react-native-animated-shine is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

EUVD-2024-33800

Malicious code in bioql PyPI...

EUVD-2025-8520

Malicious code in bioql PyPI...

CVE-2025-59012

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in shinetheme Traveler traveler allows Reflected XSS.This issue affects Traveler: from n/a through 3.2.3...

CVE-2024-11412

The Shine PDF Embeder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shinepdf' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress Shine PDF Embeder plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Shine PDF Embeder versions = 1.0...

CVE-2024-11412

The Shine PDF Embeder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shinepdf' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-11412 Shine PDF Embeder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Shine PDF Embeder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shinepdf' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-11412

CVE-2024-11412 affects the Shine PDF Embeder WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin’s shortcodes (shinepdf) present in all versions up to and including 1.0, caused by insufficient input sanitization and output escaping for user-supplied attributes...

WordPress plugin Shine PDF Embeder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

WordPress Shine PDF Embeder Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Shine PDF Embeder Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11412 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 88b9ec7db196 Credits SOPROBRO Required privile...