14 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-27596

Malicious code in bioql PyPI...

8.6 CVSS · 6.3 AI score · 0.00104 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/09/11 10:23 p.m. · 1 view

CVE-2025-59038

Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Version 10.10.0 fix...

8.6 CVSS · 7.1 AI score · 0.00104 EPSS
Exploits 0 · References 1

Github Security Blog
added 2025/09/11 2:22 p.m. · 2 views

Prebid.js NPM package briefly compromised

Impact: NPM users of prebid 10.9.2. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Patches: 10.10.0 is solved. References: https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack...

8.6 CVSS · 7 AI score · 0.00104 EPSS
Exploits 0 · References 6 · Affected Software 1

Vulnrichment
added 2025/09/09 10:17 p.m. · 1 view

CVE-2025-59038 Prebid.js NPM package briefly compromised

Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Version 10.10.0 fix...

8.6 CVSS · 6.5 AI score · 0.00104 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/09/09 12:0 a.m. · 1 view

PT-2025-36995

Name of the Vulnerable Software and Affected Versions: Prebid.js versions prior to 10.10.0; Prebid.js version 10.9.2
Description: Prebid.js is a free and open source library used by publishers to implement header bidding. NPM users of version 10.9.2 may have been compromised by a malware campaign...

8.6 CVSS · 6.4 AI score · 0.00104 EPSS
Exploits 0 · References 16

Github Security Blog
added 2025/08/21 9:30 a.m. · 6 views

Mattermost Does Not Sanitize the Team Invite ID

Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fail to sanitize the team invite ID in the POST /api/v4/teams/:teamId/restore endpoint which allows a team admin with no member invite privileges to get the team’s invite id...

4.3 CVSS · 7 AI score · 0.0006 EPSS
Exploits 0 · References 4 · Affected Software 4

Positive Technologies
added 2025/08/21 12:0 a.m. · 3 views

PT-2025-34282 · Esri · Esri Portal For Arcgis Enterprise Sites

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 through 11.4
Description: A stored Cross-site Scripting issue exists that may allow a remote, authenticated attacker to inject a malicious file containing an XSS script. When loaded, thi...

4.8 CVSS · 5.8 AI score · 0.00041 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/05/23 5:18 a.m. · 1 view

CVE-2023-30469

Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS. This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00...

7.6 CVSS · 6.6 AI score · 0.00582 EPSS
Exploits 0 · References 1

OSV
added 2025/01/14 6:15 a.m. · 0 views

CVE-2024-13323

The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4 CVSS · 7.4 AI score
Exploits 0 · References 3

Positive Technologies
added 2025/01/14 12:0 a.m. · 2 views

PT-2025-2109 · WordPress · Wp Booking Calendar

Name of the Vulnerable Software and Affected Versions: WP Booking Calendar versions up to and including 10.9.2
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'booking' shortcode due to insufficient input sanitization and output escaping on user-supplied...

6.4 CVSS · 6.1 AI score · 0.00265 EPSS
Exploits 0 · References 10

RedHat Linux
added 2023/12/04 9:57 a.m. · 2 views

mariadb: compress_write() fails to release mutex on failure

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock...

5.5 CVSS · 7.4 AI score · 0.00032 EPSS
Exploits 0 · References 4

OSV
added 2023/05/23 2:15 a.m. · 0 views

CVE-2023-30469

Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS. This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00...

6.1 CVSS · 5.8 AI score · 0.00582 EPSS
Exploits 0 · References 1

CNNVD
added 2023/05/23 12:0 a.m. · 1 view

Hitachi Ops Center Analyzer Cross-Site Scripting Vulnerability

Hitachi Ops Center Analyzer is a data center management software from Hitachi, Japan. It monitors, reports, and correlates end-to-end performance from servers to storage. A security vulnerability exists in Hitachi Ops Center Analyzer versions 10.9.1-00 through 10.9.2-00, which stems from the...

7.6 CVSS · 6.3 AI score · 0.00582 EPSS
Exploits 0 · References 3

OpenVAS
added 2022/07/05 12:0 a.m. · 14 views

MariaDB DoS Vulnerability (MDEV-26431, MDEV-23809) - Linux

MariaDB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...

7.5 CVSS · 8 AI score · 0.00206 EPSS
Exploits 1 · References 3