377 matches found
Information Exposure
Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Information Exposure via the includes/Skin/Skin.Ph...
CVE-2026-34092 Block UI elements in 'tools'-sidebar shows presence of an autoblocked IP
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34092 Block UI elements in 'tools'-sidebar shows presence of an autoblocked IP
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34092
CVE-2026-34092 affects Wikimedia Foundation MediaWiki. The information exposure arises from the includes/Skin/Skin.Php component, where UI elements in the tools sidebar reveal autoblocked IP presence. Affected versions are MediaWiki before 1.43.7, 1.44.4, and 1.45.2. Remediation is to upgrade to ...
Lemmy may expose private community data through community, saved, liked, and modlog API views
Summary Lemmy applies private-community checks in PostView and CommentView, but several adjacent API views skip the accepted-follower filter. Bob, a registered user who is not an accepted follower, can read private community sidebar and summary fields. Alice, a former accepted follower, can still...
Linux Distros Unpatched Vulnerability : CVE-2026-20915
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject...
CVE-2026-20915 Stored cross-site scripting in Pending Changes sidebar
Stored cross-site scripting XSS in Checkmk version 2.5.0 beta before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar...
Checkmk 安全漏洞
Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0b2 contained security vulnerabilities. These vulnerabilities were caused by stored cross-site scripting, which could allow authenticated users to inject malicious JavaScript into the Pending...
Malicious code in sidebar-basket (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd1b121a57bf0b4d96e4f902f6d051ff5b485ab7fc412f8940ce2c294ddb660 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview sidebar-basket is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-2101 Malicious code in sidebar-basket (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware abd1b121a57bf0b4d96e4f902f6d051ff5b485ab7fc412f8940ce2c294ddb660 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-22459
Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through = 2.1.2...
EUVD-2026-9579
Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through = 1.7.4...
CVE-2026-22459
Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through = 2.1.2...
CVE-2026-22459
CVE-2026-22459 affects the WordPress plugin WP CTA – Call Now Button, Sticky Button & Call to Action Builder (easy-sticky-sidebar). The issue is a Missing Authorization vulnerability due to incorrectly configured access control, allowing exploitation within WordPress CTA versions up to 2.1.2. Wor...
CVE-2026-22459 WordPress WordPress CTA plugin <= 2.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through = 2.1.2...
PT-2026-23200
Name of the Vulnerable Software and Affected Versions WordPress CTA easy-sticky-sidebar versions through 1.7.4 Description The software contains a missing authorization flaw that allows exploitation due to incorrectly configured access control security levels. Recommendations Update WordPress CTA...
WordPress plugin CTA easy-sticky-sidebar 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-3041
A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of the argument sidebar.content leads to cro...
Malicious Package
Overview @kiukicom/sidebar is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...