10441 matches found
CVE-2025-64519
TorrentPier (PHP) up to version 2.8.8 is affected by an authenticated SQL injection in the moderator control panel (modcp.php) via the topic_id parameter. The root cause is unsafely embedding the $topic_id input into an SQL query, enabling an authenticated moderator to execute arbitrary SQL with ...
MAL-2025-61588 Malicious code in visible_chipmunk_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0caf3d2d1f77a2a2f2f20c2307cfe98633621d436e12037002eaddb908c6c3f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in marxist_dormouse_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8764397394fd43c7999877b37f280037e0e1d23663abc203df7501ba76e7355d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in dewi-jengkol75-sukiwir (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c5b07d012f2a801c06befee49452fccb79833b7364d660d9deb1b684e5c24a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in tense_cow_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6e3f7ec1f681d8091eb38a2cd0d511f011487a59e42ba1f394f2e973d0a9609 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in rifqi-mie66-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7867809bb5bb240d4596c8b8ac570c35472300da121cbb91ed77bb3b72f3388c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in indah-sate90-ruro (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 805ba353fcd29c32c89d41944babe56ac7507e7e63bf7d6fddecb3c805031da8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-54449 Malicious code in putri-tiwul36-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85b838af03cf8d479fcf51575b9c2d2fbb2fd8e3637e7cfe3a74b3609f5bdee1 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in joko-gado-gado28-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bff95c0af5dfb646155584516814823dfd7347fe937743ea4e561e9452d7a9f9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in cindy-bakso96-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1885a562ff2fbfbfc4d7d4d78252d85239c0809678a9c1ff02372a4e0ed43433 The package cindy-bakso96-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that floode...
Security update for java-1_8_0-openj9
This update for java-1_8_0-openj9 fixes the following issues: Update to OpenJDK 8u472 build 08 with OpenJDK 0.56.0 virtual machine including Oracle October 2025 CPU changes: CVE-2025-53057: Fixed unauthenticated attacker achieving unauthorized access to critical data or complete access bsc1252414...
EUVD-2025-38371
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for...
CVE-2025-12621 Flexible Refund and Return Order for WooCommerce <= 1.0.42 - Incorrect Authorization to Authenticated (Contributor+) Refund Status Update
The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'createrefund' function in all versions up to, and including, 1.0.42. This makes it possible for authenticated attackers, wit...
CVE-2025-12167 Contact Form 7 AWeber Extension <= 0.1.42 - Missing Authorization to Authenticated (Subscriber+) Log Reset
The Contact Form 7 AWeber Extension plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxaweberlogreset' AJAX endpoint in all versions up to, and including, 0.1.42. This makes it possible for authenticated attackers, with...
CVE-2025-12583
The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxneofixsdledit' AJAX endpoint along with many others in all versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, wi...
WordPress plugin Simple Downloads List security vulnerability
WordPress Simple Downloads List plugin is a plugin for managing file downloads that allows users to create and manage file download lists on their website. An unauthorized data modification vulnerability exists in the WordPress Simple Downloads List plugin, which can be exploited by attackers to...
PT-2025-45560
Name of the Vulnerable Software and Affected Versions Envira Photo Gallery versions up to and including 1.11.0 Description The Envira Photo Gallery plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check on the /envira-convert/v1/bulk-conve...
WordPress plugin Contact Form 7 AWeber Extension security vulnerability
WordPress Contact Form 7 AWeber Extension plugin is an extension plugin designed for WordPress Contact Form 7 plugin for automatic synchronization of form data to AWeber email marketing platform. The WordPress Contact Form 7 AWeber Extension plugin suffers from an unauthorized data modification...
PT-2025-45550
Name of the Vulnerable Software and Affected Versions Contact Form 7 AWeber Extension versions through 0.1.42 Description The Contact Form 7 AWeber Extension plugin for WordPress has a flaw that allows unauthorized data modification. This is due to a missing capability check on the wp ajax aweber...
SuiteCRM security vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions 7.14.7 and earlier and 8.0.0-beta.1 through 8.9.0, which stems from inconsistent access control and could lead to unauthorized data exposure and modification...