Malicious code in web3-chain-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8092971594fb2e6c9a5748ec492ca88c9a8cc396917b314f09e5c3c85e0d130 The package web3-chain-sync was found to contain malicious code. Source: ghsa-malware a73489541e1d91e9e98d8ee52b10cc423ddd5b990bee23731cfa78e9bce3be0...

MAL-2026-748 Malicious code in web3-chain-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8092971594fb2e6c9a5748ec492ca88c9a8cc396917b314f09e5c3c85e0d130 The package web3-chain-sync was found to contain malicious code. Source: ghsa-malware a73489541e1d91e9e98d8ee52b10cc423ddd5b990bee23731cfa78e9bce3be0...

CVE-2026-25020

Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through = 1.7.0...

CVE-2026-23109

CVE-2026-23109 affects the Linux kernel writeback subsystem. The vulnerability arises in fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes(), where the system must wait for all pages under writeback for data integrity. Because some mappings (e.g., FUSE) do not enforce data integr...

CVE-2026-23109 fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes()

In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip ASNODATAINTEGRITY mappings in waitsbinodes Above the while loop in waitsbinodes, we document that we must wait for all pages under writeback for data integrity. Consequently, if a mapping, like fuse,...

WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin Sync Master Sheet Product Sync with Google Sheet for WooCommerce versions = 1.1.3...

CVE-2025-15507

The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsyncusage function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to modify the plugin's...

CVE-2025-15507

The CVE-2025-15507 entry concerns the WordPress plugin Magic Import Document Extractor, affected in all versions up to and including 1.0.4. The root cause is a missing capability/authorization check in the ajax_sync_usage() function, enabling unauthenticated attackers to modify the plugin’s licen...

EUVD-2025-206794

The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsyncusage function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to modify the plugin's...

CVE-2025-15507 Magic Import Document Extractor <= 1.0.5 - Missing Authorization to Unauthenticated Plugin License Status Modification

The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsyncusage function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to modify the plugin's...

CVE-2025-15507 Magic Import Document Extractor <= 1.0.5 - Missing Authorization to Unauthenticated Plugin License Status Modification

The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsyncusage function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to modify the plugin's...

CVE-2025-15507

The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxsyncusage function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to modify the plugin's...

PT-2026-5889

Name of the Vulnerable Software and Affected Versions Magic Import Document Extractor plugin for WordPress versions up to and including 1.0.4 Description The software is susceptible to unauthorized data modification because of a missing authorization check within the ajax sync usage function. Thi...

CVE-2020-37100

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the...

CVE-2020-37100

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the...

CVE-2020-37100 Sync Breeze Enterprise 12.4.18 - Unquoted Service Path

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the...

CVE-2020-37100

CVE-2020-37100 affects Sync Breeze Enterprise 12.4.18 with an unquoted service path, enabling local attackers to run arbitrary code with elevated privileges by hijacking the service startup path. The vulnerability concerns the binary path used to start a Windows service and allows placement of ma...

CVE-2020-37100 Sync Breeze Enterprise 12.4.18 - Unquoted Service Path

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the...

EUVD-2020-30976

Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the...

CVE-2026-25020 WordPress WP Sync for Notion plugin <= 1.7.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through = 1.7.0...