33 matches found
[SECURITY] Fedora 44 Update: kf6-ktexttemplate-6.25.0-1.fc44
The goal of KTextTemplate is to make it easier for application developers to separate the structure of documents from the data they contain, opening the d oor for theming and advanced generation of other text such as code...
EUVD-2026-17213
CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...
CVE-2026-34557
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within group and role management functionality. Multiple input...
Malicious Package
Overview foundations-theming-base is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
MAL-2025-192630 Malicious code in foundations-theming-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d58f9a087aa35c09a66eecf85d207eecd0a562d059891388be07c1b47f566db6 The package foundations-theming-base was found to contain malicious code. Source: ghsa-malware...
Malicious code in foundations-theming-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d58f9a087aa35c09a66eecf85d207eecd0a562d059891388be07c1b47f566db6 The package foundations-theming-base was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-204506
Malicious code in foundations-theming-base npm...
Malicious code in persistent-tan-herring (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a3cd80cbb90b3a74e1270e0b20b88a5b9737704ff8c2ef54a2fa9b55fb127f82 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dasnoo-theming (npm)
The package dasnoo-theming was found to contain malicious code...
MAL-2025-17988 Malicious code in dasnoo-theming (npm)
The package dasnoo-theming was found to contain malicious code...
MAL-2025-4482 Malicious code in ideals-theming (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b76e002c6ea57373962d0b94a4186cd64f4de50ff591d923b550f96f25aa7fa Any computer that has this package installed or running should be considered...
Malicious code in ideals-theming (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b76e002c6ea57373962d0b94a4186cd64f4de50ff591d923b550f96f25aa7fa Any computer that has this package installed or running should be considered...
MAL-2025-2777 Malicious code in oasis-os-theming (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c78b9623607cccee2c32ab0a4090f9758e28614db6074a8a5dce410658c0ae0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in oasis-os-theming (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c78b9623607cccee2c32ab0a4090f9758e28614db6074a8a5dce410658c0ae0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-28833 Unrestricted filenames for logo or favicon as admin in the theming settings in nextcloud server
Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provided a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these...
Ability to control the filename when uploading a logo or favicon as admin in the theming settings
None...
Nextcloud: Ability to control the filename when uploading a logo or favicon on theming
A vulnerability existed in Nextcloud that allowed an attacker to control the filename of a logo or favicon when uploading it, by modifying the key. This could result in the attacker uploading any files directly in the webapp and path disclosure. The vulnerability has been fixed...
Malicious code in ux-gulp-theming (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acf7d1b2ebe5e5b7f1f7f511b711e53f72c1b309f2eaf8d14656e1e2b45d8886 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5932 Malicious code in sap-theming (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 754885fac96de5a9222c6aa6936b93d310c65641073f383cb42382012cec0ac9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sap-theming (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 754885fac96de5a9222c6aa6936b93d310c65641073f383cb42382012cec0ac9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...