
45 matches found

OSSF Malicious Packages
added 2026/03/16 12:0 a.m. · 3 views

Malicious code in pear-wrk-wdk (npm)

The package 'pear-wrk-wdk' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

5.5 AI score
Exploits: 0 · References: 3
OSV
added 2026/03/16 12:0 a.m. · 1 view

MAL-2026-1547 Malicious code in pear-wrk-wdk (npm)

The package 'pear-wrk-wdk' is part of the PhantomRaven supply chain attack campaign Wave 2. It uses a Remote Dynamic Dependency (RDD) technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server npm.jpartifacts.com...

5.6 AI score
Exploits: 0 · References: 3
RedhatCVE
added 2026/01/25 3:19 p.m. · 5 views

CVE-2025-13920

The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdkpublicaction AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user...

5.3 CVSS · 5.4 AI score · 0.00976 EPSS
Exploits: 0 · References: 1
CVE
added 2026/01/24 12:27 p.m. · 14 views

CVE-2025-13920

CVE-2025-13920 concerns the WP Directory Kit WordPress plugin (versions

5.3 CVSS · 5.5 AI score · 0.00976 EPSS
In wild · Exploits: 0 · References: 2
ATTACKERKB
added 2026/01/24 12:27 p.m. · 1 view

CVE-2025-13920

The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdkpublicaction AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user...

5.3 CVSS · 5.9 AI score · 0.00976 EPSS
Exploits: 0 · References: 3
EUVD
added 2025/11/02 11:50 p.m. · 1 view

EUVD-2025-37457

Malicious code in wdk-pricing-provider npm...

6.6 AI score
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2025/11/02 11:50 p.m. · 3 views

Malicious code in wdk-pricing-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c93fe5d1e216edcbf2fbabc1a210e2d2265a37dc038caa8477fee167dfd2f6b0 The package wdk-pricing-provider was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits: 0 · References: 1
OSV
added 2025/11/02 11:50 p.m. · 0 views

MAL-2025-49330 Malicious code in wdk-pricing-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c93fe5d1e216edcbf2fbabc1a210e2d2265a37dc038caa8477fee167dfd2f6b0 The package wdk-pricing-provider was found to contain malicious code. Source: ghsa-malware...

6.9 AI score
Exploits: 0 · References: 1
Snyk
added 2025/11/02 11:50 p.m. · 1 view

Malicious Package

Overview wdk-pricing-provider is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS · 6.8 AI score
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2014-4564

Malware in sbrugna...

5 CVSS · 6.4 AI score · 0.0026 EPSS
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2014-4561

Malware in sbrugna...

4.3 CVSS · 6.4 AI score · 0.00254 EPSS
Exploits: 0 · References: 4
RedhatCVE
added 2025/05/22 4:58 a.m. · 5 views

CVE-2013-0939

EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting"...

5.8 CVSS · 6.5 AI score · 0.00224 EPSS
Exploits: 0 · References: 1
OSV
added 2023/06/13 2:15 a.m. · 1 view

CVE-2023-2278

The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdkpublicaction' function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those...

9.8 CVSS · 7.8 AI score
Exploits: 0 · References: 3
ATTACKERKB
added 2023/06/13 2:15 a.m. · 1 view

CVE-2023-2278

The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdkpublicaction' function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those...

9.8 CVSS · 6.5 AI score · 0.00778 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2023/06/13 12:0 a.m. · 2 views

PT-2023-18686 · WordPress · Wp Directory Kit

Name of the Vulnerable Software and Affected Versions: WP Directory Kit plugin for WordPress versions up to, and including, 1.1.9 Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the wdk public action function. This enables the...

9.8 CVSS · 10 AI score · 0.00778 EPSS
Exploits: 1 · References: 6
CNNVD
added 2023/06/13 12:0 a.m. · 1 view

WordPress Plugin WP Directory Kit Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exists ...

9.8 CVSS · 8.4 AI score · 0.00778 EPSS
Exploits: 1 · References: 4
NVD
added 2020/02/21 6:15 p.m. · 11 views

CVE-2012-0828

Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP)...

9.8 CVSS · 9.8 AI score · 0.0522 EPSS
Exploits: 0 · References: 4
Prion
added 2020/02/21 6:15 p.m. · 17 views

Heap overflow

Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP)...

7.5 CVSS · 8.7 AI score · 0.0522 EPSS
Exploits: 0 · References: 4 · Affected Software: 3
Cvelist
added 2020/02/21 5:20 p.m. · 13 views

CVE-2012-0828

Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP)...

9.8 AI score · 0.0522 EPSS
Exploits: 0 · References: 4
CVE
added 2020/02/21 5:20 p.m. · 109 views

CVE-2012-0828

CVE-2012-0828: A heap-based buffer overflow in Xchat-WDK before 1499-4 (Xchat 2.8.6 on Maemo) could allow remote attackers to crash the client or execute arbitrary code via a UTF-8 line from the server containing characters outside the BMP.

9.8 CVSS · 9.7 AI score · 0.0522 EPSS
Exploits: 0 · References: 4 · Affected Software: 3