@stacker-oss/cli (>=0.1.0 <=0.1.2), @sykoramaros/marosh-components (>=0.0.6 <=0.1.17) +2 more potentially affected by unknown CVE via @tanstack/router-cli (=1.166.43)

@tanstack/router-cli NPM version =1.166.43 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/router-cli and may be impacted: - @stacker-oss/cli =0.1.0, =0.0.6, =0.0.4, =0.0.2, =0.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3472...

@stacker-oss/cli (>=0.1.0 <=0.1.2), @sykoramaros/marosh-components (>=0.0.6 <=0.1.17) +2 more potentially affected by CVE-2026-45321 via @tanstack/router-cli (=1.166.43)

@tanstack/router-cli NPM version =1.166.43 is affected by a known vulnerability. The following packages have a transitive dependency on @tanstack/router-cli and may be impacted: - @stacker-oss/cli =0.1.0, =0.0.6, =0.0.4, =0.0.2, =0.0.3 Source cves: CVE-2026-45321 Source advisory:...

EUVD-2014-5424

Malware in sbrugna...

EUVD-2024-46278

Malicious code in bioql PyPI...

CVE-2024-5003

The WP Stacker WordPress plugin through 1.8.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-5003 WP Stacker <= 1.8.5 - Stored XSS via CSRF

The WP Stacker WordPress plugin through 1.8.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-5003

CVE-2024-5003 affects WP Stacker WordPress plugin

WordPress plugin WP Stacker security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WP Stacker plugin <= 1.8.5 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Stacker versions = 1.8.5...

WordPress WP Stacker Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Stacker Type Plugin Vulnerable versions = 1.8.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Scripting XSS CVE CVE-2024-5003 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 63e4d919bc93 Credits Bob Matyas Required privilege...

WP Stacker <= 1.8.5 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make an admin open an HTML document containing: alert888' / alert2' /...

WP Stacker <= 1.8.5 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make an admin open an HTML document containing:...

Design/Logic Flaw

Totolink A3600R V4.1.2cu.5182B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via the parameter CONTENTLENGTH...

CVE-2022-29377

Totolink A3600R V4.1.2cu.5182B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via the parameter CONTENTLENGTH...

CVE-2022-29377

CVE-2022-29377 affects Totolink A3600R router firmware version V4.1.2cu.5182_B20201102. The vulnerability is a stack overflow in the fread function of infostat.cgi, caused by improper handling of CONTENT_LENGTH, which can be exploited to trigger a Denial of Service (DoS). The available documents ...

CVE-2021-30486

SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp GET computerID, AssetManagementChart.jsp POST group1, AssetManagementList.jsp GET computerID or group1, or AssetManagementSummary.jsp GET group1...

Sql injection

SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp GET computerID, AssetManagementChart.jsp POST group1, AssetManagementList.jsp GET computerID or group1, or AssetManagementSummary.jsp GET group1...

CVE-2021-30486

SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp GET computerID, AssetManagementChart.jsp POST group1, AssetManagementList.jsp GET computerID or group1, or AssetManagementSummary.jsp GET group1...

CVE-2021-30486

SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1). The CVE-2021-30486 entries confirm this remote, ...

CVE-2014-5537

The Abduction Stacker Free aka air.com.chewygames.abductionstacker2 application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...