EUVD-2025-26906

Malicious code in bioql PyPI...

EUVD-2023-57838

Malicious code in bioql PyPI...

EUVD-2025-31062

Malicious code in bioql PyPI...

EUVD-2025-6150

Malicious code in bioql PyPI...

EUVD-2025-31207

Malicious code in bioql PyPI...

EUVD-2025-24409

Malicious code in bioql PyPI...

EUVD-2024-50873

Malicious code in bioql PyPI...

EUVD-2024-40610

Malicious code in bioql PyPI...

EUVD-2025-11682

Malicious code in bioql PyPI...

EUVD-2025-8583

Malicious code in bioql PyPI...

EUVD-2025-27039

Malicious code in bioql PyPI...

CVE-2025-57328

toggle-array is a package designed to enables a property on the object at the specified index, while disabling the property on all other objects. A Prototype Pollution vulnerability in the enable and disable function of toggle-array v1.0.1 and before allows attackers to inject properties on...

CVE-2025-10377

The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sdtogglelogs function. This makes it possible for unauthenticated attackers to toggle critical logging settings...

PT-2025-39684

🔴 https://t.co/GlL5deDG8n toggle-array Prototype Pollution Vulnerability CVE-2025-42505 Low Severity...

PT-2025-39486

Name of the Vulnerable Software and Affected Versions System Dashboard plugin for WordPress versions prior to 2.8.21 Description The System Dashboard plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF. This is caused by a lack of nonce validation in the sd toggle logs function...

WordPress plugin System Dashboard 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

4d-oled (>=1.0.0 <=1.0.2), @abb92/holidates (>=1.0.0 <=1.0.1) +974 more potentially affected by CVE-2025-57328 via toggle-array (>=0.1.0 <=1.0.1)

toggle-array NPM version =0.1.0, =1.0.0, =1.0.0, =5.0.0, =4.0.2, =0.0.0-snapshot-ZERO-3343-20250425065225, =0.8.1-beta.2, =0.1.0, =0.1.1-a, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.11.0 and more Source cves: CVE-2025-57328 Source advisory: SNYK:JS-TOGGLEARRAY-13110016...

4d-oled (>=1.0.0 <=1.0.2), @abb92/holidates (>=1.0.0 <=1.0.1) +974 more potentially affected by CVE-2025-57328 via toggle-array (>=0.1.0 <=1.0.1)

toggle-array NPM version =0.1.0, =1.0.0, =1.0.0, =5.0.0, =4.0.2, =0.0.0-snapshot-ZERO-3343-20250425065225, =0.8.1-beta.2, =0.1.0, =0.1.1-a, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.11.0 and more Source cves: CVE-2025-57328 Source advisory: OSV:GHSA-34Q3-8X9V-J957...

GHSA-34Q3-8X9V-J957 toggle-array vulnerable to prototype pollution

toggle-array is a package designed to enables a property on the object at the specified index, while disabling the property on all other objects. A Prototype Pollution vulnerability in the enable and disable function of toggle-array v1.0.1 and before allows attackers to inject properties on...

Prototype Pollution

Overview toggle-array is an In an array of objects, this enables a property on the object at the specified index, while disabling the property on all other objects. Affected versions of this package are vulnerable to Prototype Pollution via the enable and disable functions. An attacker can modify...