Lucene search

1207 matches found

OSSF Malicious Packages
added 2025/11/12 7:18 p.m., 2 views

Malicious code in goodaan-nusafa-nsafidua (npm)

Source: amazon-inspector fdf2a35d892b79e173e5393440731bd06dcc527ee65a2ca797f0dedc52b53b9c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score: 6.9
Exploits: 0

Patchstack
added 2025/11/10 1:42 a.m., 5 views

WordPress Better Find and Replace plugin <= 1.7.7 - Authenticated (Subscriber+) Limited Code Injection vulnerability

Authenticated (Subscriber+) Limited Code Injection vulnerability discovered by ISMAILSHADOW in WordPress Plugin Better Find and Replace versions <= 1.7.7...

CVSS: 8.8, AI score: 7.1, EPSS: 0.00119
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/11/10 12:0 a.m., 5 views

PT-2025-46217

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.19; GitHub Enterprise Server versions 3.14.19; GitHub Enterprise Server versions 3.15.14; GitHub Enterprise Server versions 3.16.10; GitHub Enterprise Server versions 3.17.7; GitHub Enterprise Server...

CVSS: 7.5, AI score: 6.8, EPSS: 0.0008
Exploits: 0, References: 8

RedhatCVE
added 2025/11/09 5:58 a.m., 3 views

CVE-2025-9334

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Limited Code Injection in all versions up to, and including, 1.7.7. This is due to insufficient input validation and restriction on the 'rtafar_ajax' function. This makes it possible for authenticated...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00119
Exploits: 0, References: 1

NVD
added 2025/11/08 6:15 a.m., 2 views

CVE-2025-9334

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Limited Code Injection in all versions up to, and including, 1.7.7. This is due to insufficient input validation and restriction on the 'rtafar_ajax' function. This makes it possible for authenticated...

CVSS: 8.8, EPSS: 0.00119
Exploits: 0, References: 5

Vulnrichment
added 2025/11/08 5:52 a.m., 2 views

CVE-2025-9334 Better Find and Replace <= 1.7.7 - Authenticated (Subscriber+) Limited Code Injection

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Limited Code Injection in all versions up to, and including, 1.7.7. This is due to insufficient input validation and restriction on the 'rtafar_ajax' function. This makes it possible for authenticated...

CVSS: 8.8, AI score: 6.3, EPSS: 0.00119
Exploits: 0, References: 5

CNNVD
added 2025/11/08 12:0 a.m., 1 view

WordPress plugin Better Find and Replace – AI-Powered Suggestions code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A code injection...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00119
Exploits: 0, References: 6

RedhatCVE
added 2025/11/07 7:47 a.m., 4 views

CVE-2025-12360

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS: 4.3, AI score: 5.1, EPSS: 0.00036
Exploits: 0, References: 1

NVD
added 2025/11/06 8:15 a.m., 4 views

CVE-2025-12360

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS: 4.3, EPSS: 0.00036
Exploits: 0, References: 3

EUVD
added 2025/11/06 7:27 a.m., 2 views

EUVD-2025-37979

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS: 4.3, AI score: 4.7, EPSS: 0.00036
Exploits: 0, References: 4

CVE
added 2025/11/06 7:27 a.m., 7 views

CVE-2025-12360

CVE-2025-12360 affects the WordPress plugin Better Find and Replace – AI-Powered Suggestions. The vulnerability is a missing capability check in the rtafar_ajax() handler, present in all versions up to and including 1.7.7. As a result, authenticated attackers with Subscriber-level access can tri...

CVSS: 4.3, AI score: 4.8, EPSS: 0.00036
Exploits: 0, References: 3

Cvelist
added 2025/11/06 7:27 a.m., 15 views

CVE-2025-12360 Better Find and Replace <= 1.7.7 - Missing Authorization

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS: 4.3, EPSS: 0.00036
Exploits: 0, References: 3

Vulnrichment
added 2025/11/06 7:27 a.m., 2 views

CVE-2025-12360 Better Find and Replace <= 1.7.7 - Missing Authorization

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafar_ajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...

CVSS: 4.3, AI score: 4.8, EPSS: 0.00036
Exploits: 0, References: 3

Patchstack
added 2025/11/06 1:7 a.m., 4 views

WordPress Better Find and Replace plugin <= 1.7.7 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Adrian Lukita in WordPress Plugin Better Find and Replace versions <= 1.7.7...

CVSS: 4.3, AI score: 6.7, EPSS: 0.00036
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2025/11/06 12:0 a.m., 3 views

PT-2025-45180

Name of the Vulnerable Software and Affected Versions: Better Find and Replace – AI-Powered Suggestions plugin for WordPress versions through 1.7.7. Description: The software is susceptible to unauthorized API usage because of a missing capability check within the rtafar ajax function. This allows...

CVSS: 4.3, AI score: 6.3, EPSS: 0.00036
Exploits: 0, References: 6

CNNVD
added 2025/11/06 12:0 a.m., 1 view

WordPress plugin Better Find and Replace – AI-Powered Suggestions authorization issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin... An authorization iss...

CVSS: 4.3, AI score: 6.3, EPSS: 0.00036
Exploits: 0, References: 3

Tenable Nessus
added 2025/11/06 12:0 a.m., 0 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990547)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990547 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix mpol_new leak in shared_policy_replace If mpol_new is allocated but not used in...

CVSS: 5.5, AI score: 6, EPSS: 0.00007
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989365)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989365 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix mpol_new leak in shared_policy_replace If mpol_new is allocated but not used in...

CVSS: 5.5, AI score: 6, EPSS: 0.00007
Exploits: 0, References: 4

CVE
added 2025/11/05 12:0 a.m., 6 views

CVE-2025-56232

GOG Galaxy 2.0.0.2 is affected by a Missing SSL certificate validation vulnerability that enables local-network/MITM interception of update requests, potentially replacing installers or updates with malicious files. The issue is documented across multiple feeds (NVD, Red Hat, CNNVD, EUVD) with no...

CVSS: 6.8, AI score: 6.3, EPSS: 0.00018
Exploits: 1, References: 2, Affected Software: 1

Tenable Nessus
added 2025/11/05 12:0 a.m., 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990225)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990225 advisory. In the Linux kernel, the following vulnerability has been resolved: drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common is called with preemption disabled,...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00008
Exploits: 0, References: 3