CVE-2026-49406

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.12, when Deno was run in BYONM mode nodeModulesDir: "manual", the module resolver did not validate that a package's resolved entrypoint stayed within its nodemodules// directory. A malicious package.json whose main field...

CVE-2026-49406

The CVE describes a vulnerability in Deno when run in BYONM mode (nodeModulesDir: "manual"): the module resolver could bypass the read boundary by resolving a package.json main field containing .. segments, allowing a malicious package to read files outside the approved --allow-read scope via req...

Astra Linux - уязвимость в mbedtls

In Arm Mbed TLS before version 2.19.0, and Arm Mbed Crypto before version 2.0.0, when deterministic ECDSA is enabled, an RNG with insufficient entropy is used for blinding. This may allow an attacker to recover a private key through side-channel attacks if a victim signs the same message multiple...

CVE-2025-68020

Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through = 2.7.13...

CVE-2025-68020 WordPress Notifier plugin <= 2.7.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through = 2.7.13...

CVE-2025-68020 WordPress Notifier plugin <= 2.7.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in WANotifier Notifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notifier: from n/a through = 2.7.13...

CVE-2025-68020

Missing Authorization vulnerability in WANotifier WANotifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WANotifier: from n/a through = 2.7.12...

PT-2026-4063

Name of the Vulnerable Software and Affected Versions WANotifier versions through 2.7.12 Description A missing authorization issue exists in WANotifier’s notifier functionality. This allows exploitation due to incorrectly configured access control security levels. Recommendations Update WANotifie...

CVE-2025-64355

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through = 2.7.12...

CVE-2025-64355 WordPress JetElements For Elementor plugin <= 2.7.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetElements For Elementor: from n/a through = 2.7.12...

WordPress plugin JetElements For Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...

EUVD-2025-27713

Malicious code in bioql PyPI...

EUVD-2025-26571

Malicious code in bioql PyPI...

EUVD-2025-28367

Malicious code in bioql PyPI...

CVE-2025-58594

Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through = 2.7.12...

CVE-2025-58594 WordPress Brizy Plugin <= 2.7.12 - Broken Access Control Vulnerability

Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through = 2.7.12...

CVE-2025-50050

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS.This issue affects Jobs for WordPress: from n/a through = 2.7.14...

CVE-2025-47502

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick van Wobbie Mollie Forms mollie-forms allows Stored XSS.This issue affects Mollie Forms: from n/a through = 2.7.12...

CVE-2025-47502 WordPress Mollie Forms plugin <= 2.7.12 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nick van Wobbie Mollie Forms mollie-forms allows Stored XSS.This issue affects Mollie Forms: from n/a through = 2.7.12...

PT-2025-1869 · WordPress · Linear

Name of the Vulnerable Software and Affected Versions: Linear plugin for WordPress versions up to, and including, 2.7.12 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'linear block buy commissions' shortcode due to insufficient input sanitization and output...