533 matches found
MAL-2026-6905 Malicious code in winston-prism (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06134c2a9c642914c91312e4d0184158fda282ec1bb3715fc143e7834993e266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in winston-prism (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06134c2a9c642914c91312e4d0184158fda282ec1bb3715fc143e7834993e266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2026-42562
Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Unauthenticated users can access page metadata on any page that has a configured summary template. This allows for the disclosure of private, draft, and restricted pages, leaking information suc...
MAL-2026-2805 Malicious code in winston-prisma (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bc2a581514f0a9f03ad807946bb8aa90ed013936e91ed2a413ced0966986921 The package winston-prisma was found to contain malicious code...
Malicious code in winston-prisma (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8bc2a581514f0a9f03ad807946bb8aa90ed013936e91ed2a413ced0966986921 The package winston-prisma was found to contain malicious code...
CVE-2026-1981
The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...
CVE-2026-1981
The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...
WordPress Winston AI plugin <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin HUMN-1 AI Website Scanner & Human Certification by Winston AI versions = 0.0.3...
WordPress plugin HUMN-1 AI Website Scanner & Human Certification by Winston AI 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-1981
The Winston AI WordPress plugin (HUMN-1 AI Website Scanner & Human Certification)
CVE-2026-1981
The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...
CVE-2026-1981 Winston AI <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion
The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winstondisconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...
PT-2026-23761
The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winston disconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...
PT-2025-48396
A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header menu.php of the component GET Parameter Handler. Executing manipulation of the argument Error can le...
EUVD-2025-178073
Malicious code in lint-markdownlint-sedimentology-winston npm...
EUVD-2025-175578
Malicious code in websockets-winston-neptune-ablation npm...
EUVD-2025-175542
Malicious code in winston-kinetic-zenith-corvus npm...
EUVD-2025-176092
Malicious code in supervisor-winston-superagent-exosphere npm...
Malicious code in winston-lint-staged-ganymede-parcel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 964fa62b6be534e55034d3bb600bcaab53ab3dfd3be346bd6d3534cd63246be6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-188015 Malicious code in meteor-cache-fomalhaut-winston (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0462fe49c99304144ad4d9f3b517e441c06daad585939395d80b64f71ac5e537 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...