Malicious code in kapvino-socvni-fafavi (npm)
Source: amazon-inspector 154f908c4da812f29409a84cd58b58930a0584bd6a801ee5998b94da0fcc4ccc This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-176832 Malicious code in nuilva-darde-ogofiagadaf (npm)
Source: amazon-inspector 817a4471b709edb797ad6215ff80d614129bed64989d06cfabdc061e7a556cac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-178569 Malicious code in sahufarf-satud-fad (npm)
Source: amazon-inspector f6a80f267e9861c3f330738b998b7bb7512154f7fb6060d1d71529ec55ffb316 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in gr-nutr-sdaf (npm)
Source: amazon-inspector 5dbc195bc1405e4bac620decabb079bd1dbba43bce25f06d0c8ebc48094ebd80 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in prayoga-poke50 (npm)
Source: amazon-inspector ff2ce0323d02ed57be30a15534d97fdb1fc98120373437caf05773ff6cb73e4a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-158211 Malicious code in lintang-tea50 (npm)
Source: amazon-inspector 7bbed2bcda991ca63614c6a76970f7d736edce92977350b3aca2a0f2639256bd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-170378 Malicious code in verify-ayca-amilsukaoxmai (npm)
Source: amazon-inspector 567d47c6eb5d9ae23ce803df039130f1f2d3c3409cabad04af13f4f78a983f64 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
USN-7836-2: Bind vulnerabilities
USN-7836-1 fixed vulnerabilities in Bind. This update provides the corresponding fixes for Ubuntu 20.04 LTS. Original advisory details: Zuyao Xu and Xiang Li discovered that Bind incorrectly handled certain malformed DNSKEY records. A remote attacker could possibly use this issue to cause Bind to...
UBUNTU-CVE-2025-40127
In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in ks_sa_rng_init. Fix division by zero in ks_sa_rng_init caused by missing clock pointer initialization. The clk_get_rate call is performed on an uninitialized clk pointer, resulting in division by zer...
bind: Cache poisoning due to weak PRNG
A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...
EUVD-2025-119993
The Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the atgaideleteapikey function in all versions up to, and including, 1.8.3. This makes it possible for authenticated...
CVE-2025-12113
CVE-2025-12113 affects the WordPress plugin “Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images” (versions
CVE-2025-12113 Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion
The Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the atgaideleteapikey function in all versions up to, and including, 1.8.3. This makes it possible for authenticated...
Malicious code in rimraf-update-hyperion-astro (npm)
Source: amazon-inspector 856bb93d73cea29e9602b81c30057a610e50532b6049d7a87ef6b010f8a1aae4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
WordPress Alt Text Generator AI plugin <= 1.8.3 - Missing Authorization to Authenticated (Subscriber+) API Key Deletion vulnerability
Missing Authorization to Authenticated (Subscriber+) API Key Deletion vulnerability discovered by Legion Hunter in WordPress Plugin Alt Text Generator AI versions <= 1.8.3...
WordPress plugin Alt Text Generator AI – Auto Generate & Bulk Update Alt Texts For Images security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
RHEL 9 : bind (RHSA-2025:21110)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21110 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named...
Linux Distros Unpatched Vulnerability : CVE-2025-40127
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hwrng: ks-sa - fix division by zero in ks_sa_rng_init. Fix division by zero in ks_sa_rng_init caused by missing clock pointer initialization. The clk_get_rate call is...
PT-2025-46602
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to the hardware random number generator (hwrng) and the ks-sa driver. A division by zero error occurs in the ks_sa_rng_init function due to an...