MAL-2026-211 Malicious code in @workleap-widgets/client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ef0a9fe50f30201e6a1a6a853aa62e6b2b64237598b60ac59e8c74974d8e33ca The package @workleap-widgets/client was found to contain malicious code. Source: ghsa-malware...

CVE-2024-41354

phpipam 1.6 is vulnerable to Cross Site Scripting XSS via /app/admin/widgets/edit.php...

CVE-2023-49743

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr Dashboard Widgets Suite allows Stored XSS.This issue affects Dashboard Widgets Suite: from n/a through 3.4.1...

CVE-2025-23816

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4...

CVE-2024-39662

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5...

CVE-2024-39644

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5...

CVE-2025-23722

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mind3dom Mind3doM RyeBread Widgets mind3dom-ryebread-widgets allows Reflected XSS.This issue affects Mind3doM RyeBread Widgets: from n/a through = 1.0...

CVE-2025-23851

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Khushwant Singh Coronavirus COVID-19 Outbreak Data Widgets coronavirus-data-widgets allows Reflected XSS.This issue affects Coronavirus COVID-19 Outbreak Data Widgets: from n/a through = 1.1.1...

abc-network (>=0.1.0 <=0.1.3), accelerometry-annotator (>=3.2.0 <=3.5.3) +191 more potentially affected by CVE-2026-21883 via bokeh (>=3.0.0 <=3.8.1)

bokeh PYPI version =3.0.0, =0.1.0, =3.2.0, =0.2.1, =2.3.0, =1.0.0, =3.2.2, =0.3.1.1, =1.77.5, =0.2.0, =0.1.1, =0.1.0, =1.4.0, =1.0.1, =1.2.3 and more Source cves: CVE-2026-21883 Source advisory: SNYK:PYTHON-BOKEH-14894275...

CVE-2025-69007

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

WordPress Ultimate Blocks plugin <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Ultimate Blocks versions = 3.3.3...

WordPress Stratum plugin <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets vulnerability discovered by zer0gh0st in WordPress Plugin Stratum versions = 1.6.0...

WordPress Ultimate Member Widgets for Elementor plugin <= 2.3 - Missing Authorization to Unauthenticated Information Exposure vulnerability

Missing Authorization to Unauthenticated Information Exposure vulnerability discovered by Powpy in WordPress Plugin Ultimate Member Widgets for Elementor versions = 2.3...

CVE-2023-54233

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field won't be set, then sofipc4routesetup will cause a kernel Oops trying to dereference it. Add a...

UBUNTU-CVE-2023-54233

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field won't be set, then sofipc4routesetup will cause a kernel Oops trying to dereference it. Add a...

EUVD-2025-205736

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

CVE-2023-54233

The CVE-2023-54233 issue affects the Linux kernel ASoC/SOF path, where IPC4 topologies containing an unsupported widget could leave the .module_info field unset, leading to a NULL dereference in sof_ipc4_route_setup() and a kernel Oops. A fix adds a guard to handle such cases. Connected sources c...

CVE-2023-54233 ASoC: SOF: avoid a NULL dereference with unsupported widgets

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field won't be set, then sofipc4routesetup will cause a kernel Oops trying to dereference it. Add a...

CVE-2023-54233 ASoC: SOF: avoid a NULL dereference with unsupported widgets

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field won't be set, then sofipc4routesetup will cause a kernel Oops trying to dereference it. Add a...

CVE-2023-54233

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field won't be set, then sofipc4routesetup will cause a kernel Oops trying to dereference it. Add a...