MAL-2026-3119 Malicious code in @pyme-web/ui-widget (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a73f6d1f150b07a8023fdef84fc4cc091a7cecbed37ff3364bfb328747951526 The package @pyme-web/ui-widget was found to contain malicious code. Source: ghsa-malware...

April 22, 2025—KB5055629 (OS Builds 22621.5262 and 22631.5262) Preview

April 22, 2025—KB5055629 OS Builds 22621.5262 and 22631.5262 Preview For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview of Windows 11, version 23H2, see its update history page. Be sure to follow @WindowsUpdate ...

CVE-2024-43967

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1...

PT-2023-7982 · Zabbix +4 · Zabbix +4

Name of the Vulnerable Software and Affected Versions: Zabbix versions affected versions not specified Description: The issue is related to the incorrect handling of security prefixes in cookie names, specifically the zbx session cookie, which can allow a remote attacker to elevate their...

Trend Micro Mobile Security for Enterprises widget WFUser Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Trend Micro Mobile Security for Enterprises. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WFUser class defined within the web/widget path. The issu...

@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23543 via realms-shim (=1.2.2)

realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...

@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23543 via realms-shim (=1.2.2)

realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...

Zendesk: a stored xss in web widget chat

The researcher found a stored XSS vulnerability where an end-user was able to execute arbitrary Javascript against the Zendesk agent via the chat integration. The researcher participated in the Zendesk 2016 holiday promotion and was awarded the Zendesk promotional bounty...