7 matches found
CVE-2026-8340 Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion
Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with editfilecontents permission is CSRF'd into publishing an attacker-chosen previously-uploaded version downgrade to an older version of a file, or activation of a co-editor's unpublished version. The...
CVE-2025-59039
Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...
CVE-2025-59039 Prebid Universal Creative on npm briefly compromised
Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...
CVE-2025-59039
The CVE-2025-59039 incident concerns Prebid Universal Creative (PUC), a JavaScript API used to render multiple formats. NPM users of PUC 1.17.3 or the latest release were briefly affected by crypto-related malware, including via the popular jsDelivr hosting of the PUC file. In response, maintaine...
CVE-2025-59039 Prebid Universal Creative on npm briefly compromised
Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...
CVE-2025-59039 Prebid Universal Creative on npm briefly compromised
Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...
PT-2025-36996
Name of the Vulnerable Software and Affected Versions: Prebid Universal Creative PUC versions 1.17.3 and latest Description: Prebid Universal Creative PUC is a JavaScript API used to render multiple formats. Npm users of PUC were briefly affected by crypto-related malware. Recommendations:...