244 matches found
Payment apps are watching what you say (Lock and Code S07E11)
This week on the Lock and Code podcast … In the United States today, you can have your bank account closed, your credit cards cancelled, and your online payments revoked for any number of crimes, like funding terrorism, engaging in money laundering, or violating sanctions. Sensible, right? Well,...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: Fixed the race condition in serdev. The yt2_1380_fc_serdev_probe function calls devm_serdev_device_open before setting the client operations using serdev_device_set_client_ops. This...
Malicious code in @antv/g-plugin-yoga (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: ucsi_acpi: Increase the command completion timeout. Commit 130a96d698d7 "usb: typec: ucsi: acpi: Increase command completion timeout value" increased the timeout from 5 seconds to 60 seconds due to issues related to alternate...
CVE-2026-32377
Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pranayama Yoga: from n/a through <= 1.2.2...
EUVD-2026-11879
Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pranayama Yoga: from n/a through <= 1.2.2...
CVE-2026-32377
Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pranayama Yoga: from n/a through <= 1.2.2...
CVE-2026-32377 WordPress Pranayama Yoga theme <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pranayama Yoga: from n/a through <= 1.2.2...
CVE-2026-32377 WordPress Pranayama Yoga theme <= 1.2.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pranayama Yoga: from n/a through <= 1.2.2...
CVE-2026-32377
Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pranayama Yoga: from n/a through <= 1.2.2...
CVE-2026-32377
CVE-2026-32377 affects the WordPress Pranayama Yoga theme (pranayama-yoga) up to version 1.2.2. Root cause: missing Authorization / broken access control enabling exploitation of incorrectly configured access control security levels. Impact: potential unauthorized access or actions due to access-...
PT-2026-25224
Missing Authorization vulnerability in raratheme Pranayama Yoga pranayama-yoga allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pranayama Yoga: from n/a through <= 1.2.2...
WordPress plugin Pranayama Yoga security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...
GHSA-H3HW-29FV-2X75 @envelop/graphql-modules has a Race Condition vulnerability
Summary Context race condition when using useGraphQLModules plugin Details Related to: https://github.com/graphql-hive/graphql-modules/security/advisories/GHSA-53wg-r69p-v3r7 When 2 or more parallel requests are made which trigger the same service, the context of the requests is mixed up in the...
@envelop/graphql-modules has a Race Condition vulnerability
Summary Context race condition when using useGraphQLModules plugin Details Related to: https://github.com/graphql-hive/graphql-modules/security/advisories/GHSA-53wg-r69p-v3r7 When 2 or more parallel requests are made which trigger the same service, the context of the requests is mixed up in the...
MAL-2025-191320 Malicious code in @silgi/yoga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c8aabbdab5840682c4f335a1ae8ff93ff305af445e00bacb5f10b1fd85b7ba1 The package @silgi/yoga was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-199432
Malicious code in @silgi/yoga npm...
CVE-2025-54718
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi allows Reflected XSS. This issue affects Yogi - Health Beauty & Yoga: from n/a through <= 2.9.2...
EUVD-2025-37987
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi allows Reflected XSS. This issue affects Yogi - Health Beauty & Yoga: from n/a through <= 2.9.2...
CVE-2025-54718
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi allows Reflected XSS. This issue affects Yogi - Health Beauty & Yoga: from n/a through <= 2.9.2...